What is CVE-2026-44717?

CVE-2026-44717 is a critical-severity vulnerability in 611711dark Mcp_calculate_server, classified under Code Injection. CVSS score: 9.8/10. Published 2026-05-15.

How severe is CVE-2026-44717?

Critical severity. CVSS v3 base score is 9.8 out of 10.

RCE in 611711dark Mcp_calculate_server

CVE-2026-44717

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitization leads to remote code execution. Th…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.003 (56.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

611711dark Mcp_calculate_server — versions < 0.1.1

Weakness classification (CWE)

CWE-94 — Code Injection

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-44717?: CVE-2026-44717 is a critical-severity vulnerability in 611711dark Mcp_calculate_server, classified under Code Injection. CVSS score: 9.8/10. Published 2026-05-15.
How severe is CVE-2026-44717?: Critical severity. CVSS v3 base score is 9.8 out of 10.