You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
the .mcp.json file is executed automatically upon launching forge without any confirmation, this can lead to arbitrary code execution when handling an untrusted repo with pre-configured mcp file.
tested with reverse shell, arbitrary file write that goes completely silent in the background.
This is a reliable way for attackers to achieve initial access and persistence.
Bug Description
the .mcp.json file is executed automatically upon launching forge without any confirmation, this can lead to arbitrary code execution when handling an untrusted repo with pre-configured mcp file.
tested with reverse shell, arbitrary file write that goes completely silent in the background.
This is a reliable way for attackers to achieve initial access and persistence.
Arbitrary_code_execution.mp4
arbitrary_file_write.mp4
Steps to Reproduce
Arbitrary_code_execution.mp4
forgecode_poc-master.zip
Expected Behavior
you will have a reserve shell connection upon launching forge like in the POC.
Actual Behavior
forge ran anything found in the .mcp.json file without any checks, or confirmation.
Forge Version
v2.11.1
Operating System & Version
Manjaro Linux x86_64
AI Provider
None
Model
No response
Installation Method
npx forgecode@latest
Configuration