CVE-2026-6942
Radare · radare2-mcp
An OS command injection vulnerability in radare2-mcp allows unauthenticated remote attackers to execute arbitrary commands via the JSON-RPC interface.
Executive summary
A critical command injection vulnerability in radare2-mcp allows unauthenticated attackers to execute arbitrary OS commands, leading to full host compromise.
Vulnerability
The application passes parameters taken from JSON-RPC requests to r2_cmd_str() without filtering shell metacharacters. Whoever can reach the JSON-RPC interface therefore controls the command string that the radare2 evaluator receives, and can break out of the intended command and run arbitrary OS commands with the privileges of the radare2-mcp process. A practical caveat when judging any fix: radare2's own command language treats `;` (command separator), `!` (run a system command), backticks (command substitution), `|` (pipe to an external program) and `>` (redirect to a file) specially, so a filter that only considers POSIX shell metacharacters can still leave an escape route at the r2 command level.
Business impact
The CVSS score of 9.8 is consistent with a network-reachable flaw that needs no privileges or user interaction and results in full loss of confidentiality, integrity and availability, that is, complete takeover of the host running the MCP server. Actual exposure depends on the transport: MCP servers speak JSON-RPC either over stdio to a local client, in which case there is no listening port, or over a network transport, in which case every host that can reach the listener can exploit the flaw. Externally exposed instances are the catastrophic case.
Remediation
Immediate Action: Update radare2-mcp to a fixed release as soon as one is available.
Proactive Monitoring: Monitor for child processes spawned by the radare2-mcp process (a shell or other OS command started from it is the direct symptom of exploitation) and for unexpected connections or unusual request volume to the JSON-RPC listener.
Compensating Controls: Restrict access to the JSON-RPC interface to trusted internal IP addresses via firewall rules, and where the deployment allows, do not expose the server on a network interface at all (run it over stdio or bind it to loopback only).
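The following added example is not radare2-mcp's code and does not reproduce the vulnerable function; it is an illustration written for this page. It models the two patterns the Vulnerability section contrasts (a JSON-RPC parameter spliced straight into an r2 command string versus an allow-listed verb with validated arguments) and reuses the same check to implement the monitoring item above by flagging JSON-RPC requests whose string parameters carry characters that the r2 command parser treats specially. The tool names, command templates and the log lines are hypothetical and constructed here; the `tools/call` request shape follows the MCP protocol.

```python
"""Added example for this advisory; not code from radare2-mcp or radare2."""
import json
import re

# Characters that radare2's own command parser treats specially and that let a
# string escape from a single command: ';' chains commands, '!' runs a system
# shell command, backticks substitute command output, '|' pipes output to an
# external program, '>' redirects to a file, and a line break ends a command.
R2_ESCAPE_CHARS = set(";!`|>\n\r")

HEX_ADDR = re.compile(r"(0x)?[0-9a-fA-F]{1,16}")   # e.g. 0x401000
DECIMAL = re.compile(r"[0-9]{1,6}")                 # e.g. a byte count
SYMBOL = re.compile(r"[A-Za-z_.][A-Za-z0-9_.]{0,127}")  # e.g. sym.main

# Hypothetical allow-list: MCP tool name -> (r2 command template, validators).
TOOL_SPEC = {
    "disassemble_function": ("pdf @ {0}", [HEX_ADDR]),
    "seek": ("s {0}", [HEX_ADDR]),
    "print_hex": ("px {0} @ {1}", [DECIMAL, HEX_ADDR]),
    "analyze_symbol": ("afi {0}", [SYMBOL]),
}


class RejectedParameter(ValueError):
    """Raised when a JSON-RPC argument must not reach the r2 evaluator."""


def contains_r2_escape(value: str) -> bool:
    """True if the string carries any r2 command-level escape character."""
    return any(c in R2_ESCAPE_CHARS for c in value)


def build_command_vulnerable(address: str) -> str:
    """Pattern the advisory describes: caller-controlled text is spliced into
    the command string unchanged, so '0x401000; !id' becomes two r2 commands,
    the second of which runs a system command."""
    return f"pdf @ {address}"


def build_command_hardened(tool: str, args: list) -> str:
    """Only allow-listed verbs; every argument must match a strict pattern and
    must not contain an r2 escape character (defence in depth, since the
    patterns already exclude them)."""
    spec = TOOL_SPEC.get(tool)
    if spec is None:
        raise RejectedParameter(f"unknown tool {tool!r}")
    template, validators = spec
    if len(args) != len(validators):
        raise RejectedParameter("argument count mismatch")
    for value, pattern in zip(args, validators):
        if not isinstance(value, str) or contains_r2_escape(value) \
                or pattern.fullmatch(value) is None:
            raise RejectedParameter(f"rejected argument {value!r}")
    return template.format(*args)


def is_accepted(tool: str, args: list) -> bool:
    """Convenience wrapper: does the hardened builder accept this call?"""
    try:
        build_command_hardened(tool, args)
        return True
    except RejectedParameter:
        return False


def _walk_strings(obj):
    """Yield every string nested anywhere inside a JSON value."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from _walk_strings(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from _walk_strings(v)


def flag_suspicious_requests(log_lines):
    """Detection side: return (line_no, method, offending_value) for every
    logged JSON-RPC request whose parameters contain an r2 escape character.
    Lines that are not JSON objects with a 'method' field are skipped."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(msg, dict) or "method" not in msg:
            continue
        for value in _walk_strings(msg.get("params", {})):
            if contains_r2_escape(value):
                hits.append((n, msg["method"], value))
    return hits


# Constructed sample log (not real traffic): one benign call, two injection
# attempts and one non-JSON line.
SAMPLE_LOG = [
    '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"disassemble_function","arguments":{"address":"0x401000"}}}',
    '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"disassemble_function","arguments":{"address":"0x401000; !id"}}}',
    "not a json-rpc message",
    '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"seek","arguments":{"address":"`!whoami`"}}}',
]

if __name__ == "__main__":
    print(build_command_vulnerable("0x401000; !id"))
    print(build_command_hardened("print_hex", ["64", "0x401000"]))
    for hit in flag_suspicious_requests(SAMPLE_LOG):
        print("suspicious request:", hit)
```

The allow-list approach is preferable to a deny-list of characters because r2 command syntax is rich; validating each argument against the narrow shape it is supposed to have (an address, a count, a symbol name) removes the question of which metacharacters were forgotten. The detector is deliberately noisy in the other direction: it flags any escape character in any string parameter, which is appropriate for a service whose legitimate inputs should never contain them.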
Exploitation status
Public Exploit Available: No
Analyst recommendation
Command injection is a high-impact vulnerability that requires immediate mitigation. All users running radare2-mcp should restrict network access to the service, run it with the least privilege the task allows (injected commands inherit the process's privileges), and prioritize applying the update to remediate the flaw.