HTML Injection Vulnerability in MCP Appium AI Testing Server
CVE-2026-58500
8.2HIGH
What is CVE-2026-58500?
MCP Appium versions prior to 1.85.10 are susceptible to an HTML injection vulnerability within the createLocatorGeneratorUI function. By allowing attacker-controlled element attributes such as text, content-desc, resource-id, and locator selector values to be directly interpolated into an HTML template, malicious users can inject arbitrary HTML and JavaScript into the user interface of the MCP server. This leads to the execution of unauthorized operations, such as taking screenshots or reading page sources via the window.parent.postMessage function, if the UI of the app being tested is compromised. This vulnerability has been remedied in release 1.85.10.
Affected Version(s)
appium-mcp < 1.85.10
