{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T07:24:06.148","vulnerabilities":[{"cve":{"id":"CVE-2026-0758","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2026-01-23T04:16:02.433","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of mcp-server-siri-shortcuts. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the shortcutName parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-27910."},{"lang":"es","value":"Vulnerabilidad de inyección de comandos y escalada de privilegios shortcutName en mcp-server-siri-shortcuts. Esta vulnerabilidad permite a atacantes locales escalar privilegios en instalaciones afectadas de mcp-server-siri-shortcuts. Un atacante debe primero obtener la capacidad de ejecutar código con privilegios bajos en el sistema objetivo para explotar esta vulnerabilidad.\n\nLa falla específica existe dentro del parámetro shortcutName. El problema resulta de la falta de validación adecuada de una cadena proporcionada por el usuario antes de usarla para ejecutar una llamada al sistema. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar código arbitrario en el contexto de la cuenta de servicio. Fue ZDI-CAN-27910."}],"metrics":{"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-26-024/","source":"zdi-disclosures@trendmicro.com"}]}}]}