Code Injection Vulnerability in abhiphile fermat-mcp Product
CVE-2026-2008

5.3MEDIUM

Key Information:

Vendor

Abhiphile

Status
Fermat-mcp
Vendor
CVE Published:
6 February 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-2008?

A vulnerability exists in the abhiphile fermat-mcp product affecting the eqn_chart function within the eqn_chart.py file. By manipulating the argument 'equations', attackers can execute arbitrary code, leading to potential unauthorized access and remote exploitation. The rolling release nature of this product complicates version tracking for users, as updates and fixes may not be explicitly tagged. Currently, the issue has been reported but remains unaddressed by the development team, increasing the urgency for users to assess their exposure and mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

fermat-mcp 47f11def1cd37e45dd060f30cdce346cbdbd6f0a

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-2008 - Proof of Concept

References

https://vuldb.com/?id.344590
vdb-entrytechnical-description
https://vuldb.com/?ctiid.344590
signaturepermissions-required
https://vuldb.com/?submit.743458
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lexpl0it (VulDB User)
JSON
.