LangChain-ChatChat Remote Code Execution Vulnerability in MCP STDIO Server Handling

Vulnerability

A remote code execution vulnerability exists in LangChain-ChatChat version 0.3.1, specifically within its MCP STDIO server configuration and execution management. Remote attackers can access the publicly exposed MCP management interface and configure an MCP STDIO server with commands and arguments they control. Once the MCP server is activated and enabled for agent execution, it executes the injected commands on the server. The result is arbitrary command execution within the context of the LangChain-ChatChat service.

Impact

Exploitation of this vulnerability allows for remote code execution on the server, with the executed commands running under the LangChain-ChatChat process, potentially leading to a full system compromise.

Reproduction

To reproduce this vulnerability, access the MCP management interface of a LangChain-ChatChat application instance. Configure an MCP STDIO server by supplying arbitrary commands and arguments through the interface. Once the server is started and MCP is enabled for agent execution, the injected commands will be executed on the server.
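
One way to close the path described above is to validate every submitted STDIO server definition against an operator-maintained allowlist before anything is spawned, and to audit definitions that are already stored. This is an added example, not LangChain-ChatChat's own code; the field names (`command`, `args`, `env`), the allowlisted paths and the sample definitions are assumptions constructed for illustration.

```python
# Added example: field names and paths are assumptions, not the project's schema.
# Operator-maintained allowlist: executable path -> exact argument vectors permitted.
ALLOWED_SERVERS = {
    "/opt/mcp/bin/filesystem-server": [["--root", "/srv/mcp-data"]],
    "/opt/mcp/bin/search-server": [[]],
}
# Environment variables that change what code a child process loads.
BLOCKED_ENV = {"LD_PRELOAD", "LD_LIBRARY_PATH", "PATH", "PYTHONPATH", "NODE_OPTIONS"}

class RejectedConfig(ValueError):
    """Raised when a submitted STDIO server definition is not allowlisted."""

def validate_stdio_config(cfg, allowed=ALLOWED_SERVERS):
    """Return (command, args, env) for an allowlisted config, else raise."""
    command = cfg.get("command")
    args = cfg.get("args", [])
    env = cfg.get("env", {})
    # Exact match only: no PATH lookup, no relative or traversal paths.
    if not isinstance(command, str) or command not in allowed:
        raise RejectedConfig(f"command not allowlisted: {command!r}")
    if not isinstance(args, list) or not all(isinstance(a, str) for a in args):
        raise RejectedConfig("args must be a list of strings")
    # The whole argument vector must match, so a permitted binary
    # cannot be pointed at a different target.
    if args not in allowed[command]:
        raise RejectedConfig(f"argument vector not allowlisted for {command}")
    if not isinstance(env, dict):
        raise RejectedConfig("env must be a mapping")
    bad = sorted(BLOCKED_ENV & {str(k).upper() for k in env})
    if bad:
        raise RejectedConfig(f"blocked environment variables: {bad}")
    return command, list(args), dict(env)

def audit_configs(configs, allowed=ALLOWED_SERVERS):
    """Return (name, reason) for every stored config that fails validation."""
    findings = []
    for name, cfg in configs.items():
        try:
            validate_stdio_config(cfg, allowed)
        except RejectedConfig as exc:
            findings.append((name, str(exc)))
    return findings

# Constructed sample of stored server definitions.
SAMPLE = {
    "files": {"command": "/opt/mcp/bin/filesystem-server", "args": ["--root", "/srv/mcp-data"]},
    "shell": {"command": "/bin/sh", "args": ["-c", "id"]},
    "wide-root": {"command": "/opt/mcp/bin/filesystem-server", "args": ["--root", "/"]},
    "preload": {"command": "/opt/mcp/bin/search-server", "args": [], "env": {"LD_PRELOAD": "/tmp/x.so"}},
}
```

Running `audit_configs(SAMPLE)` flags `shell`, `wide-root` and `preload` and passes `files`. The check belongs on the server side, behind authentication on the management interface, so that a definition is rejected before it can be activated.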

Added: Apr 15, 2026, 4:33 PM
Updated: Apr 15, 2026, 4:33 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.0
remediation: 0.0
relevance: 6.0
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.