CVE-2026-0757: MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows
Summary
MCP Manager for Claude Desktop does not properly check MCP config objects (configuration files that tell Claude how to use external tools) before running their contents as system commands, so an attacker can inject malicious commands into them. By tricking a user into visiting a malicious website or opening a malicious file, an attacker can break out of the sandbox (the restricted environment that limits what Claude can access) and run arbitrary code (any commands they want) on the computer.
Vulnerability Details
EPSS: 0.1%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-0757
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 95%