Description

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0.

INFO

Published Date :

2026-01-16T16:29:48.433Z

Last Modified :

2026-01-16T16:47:34.560Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23523 vulnerability.

Vendors Products
Openagentplatform
  • Dive
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23523.

URL Resource
https://github.com/OpenAgentPlatform/Dive/commit/a5162ac9eff366d8ea1215b8a47139a81a55a779 cve-icon cve-icon
https://github.com/OpenAgentPlatform/Dive/security/advisories/GHSA-pjj5-f3wm-f9m8 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact