Remote Code Execution Vulnerability in MCP Calculate Server by 611711Dark
CVE-2026-44717

9.8CRITICAL

Key Information:

Vendor: 611711dark
Status: Mcp Calculate Server
Vendor: CVE Published:; 15 May 2026

What is CVE-2026-44717?

MCP Calculate Server, a mathematical calculation service utilizing the MCP protocol and SymPy library, was found to have a critical vulnerability prior to version 0.1.1. The improper use of the eval() function to process mathematical expressions without adequate input sanitization poses a risk of remote code execution. This flaw can allow unauthorized users to execute arbitrary code on the server, potentially compromising the entire system's security and integrity. The issue has been addressed in version 0.1.1, which includes necessary input validation measures to prevent such exploits.

Affected Version(s)

mcp_calculate_server < 0.1.1

References

https://github.com/611711Dark/mcp_calculate_server/securi...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44717 Data

JSON

611711dark

What is CVE-2026-44717?

Affected Version(s)

References

CVSS V3.1

Timeline