Summary
The MCP server toolkit-mcp-server is vulnerable to command injection due to unsafe use of child_process.exec with user-controlled input in 2 MCP tools:
⚫ pingHost
⚫ traceroute
Affected Versions
<= 1.0.1
Vulnerable Code
Take pingHost for example:
https://github.com/cyanheads/toolkit-mcp-server/blob/master/src/tools/network.ts#L126-L130
https://github.com/cyanheads/toolkit-mcp-server/blob/master/src/tools/network.ts#L108-L125
https://github.com/cyanheads/toolkit-mcp-server/blob/master/src/tools/network.ts#L132-L144
Details
Vulnerable parameters:
host in pingHost and traceroute tools.
This parameter is passed directly to execAsync() without sufficient validation. An attacker can inject shell metacharacters such as &, ;, &&, or others to execute arbitrary commands.
Impact
Arbitrary command execution when untrusted input is processed by the MCP server.
Recommendation
⚫ Don't use exec. Use execFile instead, which pins the command and provides the arguments as array elements.
⚫ Apply strict input validation to all tool parameters exposed to MCP clients, especially host parameters.
⚫ Use parameter separation with proper escaping to prevent shell command injection.
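The first two recommendations combined, as an added example (not code from toolkit-mcp-server): the host is checked against an allow-list, then passed to execFile as a single argv element so no shell ever parses it. The names validateHost, buildPingArgs, pingHost and classifySamples are hypothetical, and a Unix-style ping accepting -c is assumed.

```javascript
// Added example (not the project's code). All names here are hypothetical.
// Assumes a Unix-style `ping` that takes `-c <count>`.

// RFC 1123-style hostname; also matches dotted IPv4. Labels cannot start with "-".
const HOSTNAME_RE =
  /^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$/;
// Coarse IPv6 allow-list: hex digits and colons only, at least one colon.
const IPV6_RE = /^(?=.*:)[0-9A-Fa-f:]{2,39}$/;

function validateHost(host) {
  if (typeof host !== "string") throw new TypeError("host must be a string");
  if (HOSTNAME_RE.test(host) || IPV6_RE.test(host)) return host;
  throw new Error("host rejected by allow-list");
}

function buildPingArgs(host, count = 4) {
  if (!Number.isInteger(count) || count < 1 || count > 10) {
    throw new RangeError("count must be an integer from 1 to 10");
  }
  // Each element becomes one argv entry; nothing is parsed by a shell.
  return ["-c", String(count), validateHost(host)];
}

async function pingHost(host, count = 4) {
  const args = buildPingArgs(host, count); // rejects before any process starts
  // Dynamic import works in both CommonJS and ES modules.
  const { execFile } = await import("node:child_process");
  return new Promise((resolve, reject) => {
    // execFile runs the binary directly (no shell) unless `shell` is set.
    execFile("ping", args, { timeout: 15000 }, (err, stdout) =>
      err ? reject(err) : resolve(stdout));
  });
}

// Constructed sample inputs: which ones pass validation?
function classifySamples() {
  const samples = ["example.com", "192.0.2.10", "2001:db8::1",
                   "example.com;echo", "example.com && echo", "-f"];
  return samples.map((s) => {
    try { validateHost(s); return [s, "accepted"]; }
    catch { return [s, "rejected"]; }
  });
}
```

The leading-dash rejection matters even with execFile: without a shell, metacharacters are inert, but a host value beginning with "-" would still be read by ping as an option.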
PoC
See the attached files:
toolkit-mcp-server bug.pdf