HTML Injection Vulnerability in MCP Appium AI Testing Server
CVE-2026-58500

8.2HIGH

Key Information:

Vendor

Appium

Vendor
CVE Published:
13 July 2026

What is CVE-2026-58500?

MCP Appium versions prior to 1.85.10 are susceptible to an HTML injection vulnerability within the createLocatorGeneratorUI function. By allowing attacker-controlled element attributes such as text, content-desc, resource-id, and locator selector values to be directly interpolated into an HTML template, malicious users can inject arbitrary HTML and JavaScript into the user interface of the MCP server. This leads to the execution of unauthorized operations, such as taking screenshots or reading page sources via the window.parent.postMessage function, if the UI of the app being tested is compromised. This vulnerability has been remedied in release 1.85.10.

Affected Version(s)

appium-mcp < 1.85.10

References

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.