The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing. Note - the "mcp-run-python" project is archived and unlikely to receive a fix.
Attack Parameters
Attack Vector
Network
Атака возможна удалённо
Attack Complexity
High
Сложно эксплуатировать
Privileges Required
None
Права не нужны
User Interaction
Required
Нужно действие пользователя
Impact Assessment
Confidentiality
Low
Частичная утечка данных
Integrity
Low
Частичная модификация данных
Availability
Low
Частичное нарушение работы
CVSS Vector v3.1