AhujaSid Blender-MCP Code Injection Vulnerability Allowing Remote Code Execution

A code injection vulnerability has been identified in AhujaSid's Blender-MCP integration, specifically in versions up to commit 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The issue arises in the 'execute_blender_code' function within 'src/blender_mcp/server.py', where user-controlled input is executed via Python's 'exec()' function without any sanitization. This vulnerability allows for remote code execution on the system running Blender, as the 'exec()' function can be used to execute arbitrary Python code with full access to the Python standard library and, potentially, the underlying operating system.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the system where Blender is running, executed under the user's privileges.

Reproduction

The vulnerability can be reproduced by sending a request to the 'execute_blender_code' tool with a 'code' parameter that includes malicious Python code. This can be done using the MCP Inspector tool, after connecting to a Blender instance with the vulnerable addon enabled. Once the 'execute_blender_code' tool is selected, the injected code is executed without any validation, leading to remote code execution.