Upsonic Remote Code Execution Vulnerability via MCP Server Task Creation

A remote code execution vulnerability has been identified in Upsonic version 0.71.6, specifically within its MCP server task creation feature. The application permits users to create MCP tasks by specifying arbitrary commands and arguments. While there is an allowlist, certain permitted commands, such as npm and npx, can be exploited to execute arbitrary operating system commands. This vulnerability arises because the application executes the injected commands without proper validation or sanitization, leading to remote code execution with the privileges of the Upsonic process.

Impact

Exploitation of this vulnerability allows for remote code execution on the server, with the executed commands running under the Upsonic process's privileges, potentially leading to a full system compromise.

Reproduction

To reproduce this vulnerability, create an MCP task in Upsonic version 0.71.6. Specify a command that is allowed by the application, such as 'npx', and include argument flags that can inject additional commands. Once the task is executed, the injected commands will be executed on the server, demonstrating the remote code execution vulnerability.

Remediation

Users are advised to update to Upsonic version 0.72.0 or later, where this vulnerability has been addressed.