Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability
Vulnerability
A command injection vulnerability allowing remote code execution has been identified in Framelink Figma MCP Server versions through 0.6.2. The flaw is in the fetchWithRetry method, which passes user-supplied input into a system call without validating it. An attacker can therefore inject arbitrary commands, which run with the privileges of the service account. Exploitation does not require authentication.
Impact
Successful exploitation gives the attacker arbitrary code execution on the server, in the context of the service account.
Reproduction
To reproduce the issue, send a crafted request whose input carries a shell command into the vulnerable fetchWithRetry path; this can be done from the MCP Client IDE or with the MCP Inspector tool. A convenient payload redirects its output to a temporary file, so execution can be confirmed by checking that the file contains the expected output.
Remediation
Users are advised to update to Framelink Figma MCP Server version 0.6.3 or later, where this vulnerability has been addressed.
