GHSA-97RM-XJ73-33JH
Vulnerability from github – Published: 2026-02-19 20:27 – Updated: 2026-02-19 20:27The ebay_set_user_tokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the configuration file.
Impact
An attacker can inject arbitrary environment variables into the .env file. This could lead to:
- Configuration Overwrites: Attackers can overwrite critical settings like EBAY_REDIRECT_URI to hijack OAuth flows.
- Denial of Service: Injecting invalid configuration can prevent the server from starting.
- Potential RCE: In some environments, controlling environment variables (like NODE_OPTIONS) can lead to Remote Code Execution.
Found with MCPwner 🕶
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "ebay-mcp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27203"
],
"database_specific": {
"cwe_ids": [
"CWE-15",
"CWE-74"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-19T20:27:11Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The `ebay_set_user_tokens` tool allows updating the `.env` file with new tokens. The `updateEnvFile` function in `src/auth/oauth.ts` blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the configuration file.\n\n### Impact\nAn attacker can inject arbitrary environment variables into the `.env` file. This could lead to:\n- **Configuration Overwrites**: Attackers can overwrite critical settings like `EBAY_REDIRECT_URI` to hijack OAuth flows.\n- **Denial of Service**: Injecting invalid configuration can prevent the server from starting.\n- **Potential RCE**: In some environments, controlling environment variables (like `NODE_OPTIONS`) can lead to Remote Code Execution.\n\nFound with [MCPwner](https://github.com/Pigyon/MCPwner) \ud83d\udd76",
"id": "GHSA-97rm-xj73-33jh",
"modified": "2026-02-19T20:27:11Z",
"published": "2026-02-19T20:27:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/YosefHayim/ebay-mcp/security/advisories/GHSA-97rm-xj73-33jh"
},
{
"type": "WEB",
"url": "https://github.com/YosefHayim/ebay-mcp/commit/aab0bda75ea9dd27aa37d0d8524d7cf41b3c4a9a"
},
{
"type": "PACKAGE",
"url": "https://github.com/YosefHayim/ebay-mcp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "eBay API MCP Server Affected by Environment Variable Injection "
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.