CVE-2026-57860 | tailcallhq ForgeCode 2.11.1 MCP Server Loader .mcp.json loadMcpServers os command injection
A vulnerability identified as critical has been detected in tailcallhq ForgeCode 2.11.1. Impacted is the function loadMcpServers of the file .mcp.json of the component MCP Server Loader. Performing a manipulation results in os command injection.
This vulnerability is reported as CVE-2026-57860. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More