CVE-2026-45805 | Penpot up to 2.14.x ReplServer ReplServer.ts executePluginTask code os command injection

SecurityVulns

A vulnerability marked as critical has been reported in Penpot up to 2.14.x. This affects the function executePluginTask of the file mcp/packages/server/src/ReplServer.ts of the component ReplServer. Performing a manipulation of the argument code results in os command injection.

This vulnerability is cataloged as CVE-2026-45805. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More