GitHub Advisory — fermat-mcp eqn_chart code injection (CVE-2026-2008)

AI relevance: fermat-mcp is an MCP tool backend; an agent tool call that passes crafted equations can execute code on the MCP host.

• CVE-2026-2008 is a code injection flaw in fermat-mcp, tied to the eqn_chart tool.
• Root cause: the equations parameter is evaluated with eval, which can be bypassed to run arbitrary code.
• The advisory notes the issue is remotely exploitable and the exploit is public.
• Because fermat-mcp uses a rolling release, no fixed or affected version range is specified.
• The project was reportedly notified via issue but had not responded at the time of disclosure.

Why it matters

• Agents routinely forward untrusted user input into MCP tool parameters; eval turns that into direct execution.
• Math/plotting tools are common in agent stacks, so similar patterns may exist elsewhere.
• Rolling-release MCP servers are harder to pin and audit, increasing operational risk.

What to do

• Disable the eqn_chart tool or sandbox the MCP server until a fix is confirmed.
• Replace eval with safe parsers (AST-based) and strict allowlists for expressions.
• Run MCP servers with minimal privileges and avoid exposing them directly to public-facing agents.

Sources

• GitHub Advisory — CVE-2026-2008
• Issue report — fermat-mcp eqn_chart code injection
• NVD — CVE-2026-2008