Command Injection Vulnerability in GitHub Kanban MCP Server
CVE-2026-0756

9.8CRITICAL

Key Information:

Vendor: Github-kanban-mcp-server
Status: Github-kanban-mcp-server
Vendor: CVE Published:; 23 January 2026

🔔 Create Github-kanban-mcp-server Vulnerability Alert

What is CVE-2026-0756?

A security vulnerability in GitHub Kanban MCP Server enables remote attackers to execute arbitrary code. This flaw arises from inadequate validation of the 'create_issue' parameter, which allows user-supplied strings to be processed without proper checks. As a result, attackers can exploit this vulnerability to run commands within the context of the service account, leading to potential unauthorized access and system compromise.

Affected Version(s)

github-kanban-mcp-server 0.3.0

References

https://www.zerodayinitiative.com/advisories/ZDI-26-022/

x_research-advisory

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2026
Vulnerability Reserved
Jan 8, 2026

CVE-2026-0756 Data

JSON