—

CVE-2026-31040EXPLOITEDPATCHED

n/a · n/a

CVE-2026-31040: A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-fil

Description

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution.

Affected Products

Vendor	Product	Versions
n/a	n/a	pip/stata-mcp: < 1.13.0

References

Related News (1 articles)

Tier C

VulDB7h ago

CVE-2026-31040 | SepineTam stata-mcp up to 1.12.x File Content Remote Code Execution

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

stata-mcp@1.13.0

CWECWE-20

PublishedApr 8, 2026

Last enriched6h agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2023-46945EXP

CVE-2023-46945: QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request

Trending: 49

HIGHCVE-2026-30080

CVE-2026-30080: OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported int

Trending: 27

NONECVE-2025-50671

CVE-2025-50671: A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_

Trending: 20

NONECVE-2025-50663

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint.

Trending: 20

NONECVE-2025-50662

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint.

Trending: 20

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 8, 2026

Actively Exploited

Apr 8, 2026

Patch Available

Apr 8, 2026

Discovered by ZDM

Apr 8, 2026

Updated: affectedVersions, severity, activelyExploited, tags

Apr 8, 2026

Version History

Last enriched 6h ago

v2Tier C6h ago

Updated vendor to SepineTam, product to stata-mcp, affected versions to 1.12.x, severity to CRITICAL, and marked as actively exploited.

affectedVersionsseverityactivelyExploitedtags

via VulDB

v18h ago

Initial creation