June 30, 2026

CVE-2026–10691: How a Sneaky Regex Bug Could Crash Your AI Desktop Tool

DesktopCommanderMCP is an open-source project by developer wonderwhy-er

By CyberPodcast

2 min read

If you use DesktopCommanderMCP — a popular open-source tool that lets AI assistants like Claude control your desktop — there's a security vulnerability you need to know about. It goes by the identifier CVE-2026–10691, and while it won't let an attacker steal your data, it can be used to make the tool stop responding entirely.

Let's break it down in plain English.

What Is DesktopCommanderMCP?

DesktopCommanderMCP is an open-source project by developer wonderwhy-er. It acts as a bridge between AI models (like Claude) and your computer, letting the AI run terminal commands, search your files, manage processes, and more — all through the Model Context Protocol (MCP).

In other words, it gives AI a pair of hands on your machine. That makes it powerful. And it makes security bugs in it worth taking seriously.

What Went Wrong?

The vulnerability lives in a file called search-manager.ts, specifically inside a function called start_search.

When you ask the tool to search for something, it processes your query using a regular expression — a pattern-matching tool that programmers use to find text. The problem? That regular expression was written in a way that's catastrophically inefficient on certain inputs.

This class of bug is called ReDoS — short for Regular Expression Denial of Service.

Here's the simple version: imagine asking someone to sort a pile of cards. A well-written sorting method takes a few seconds. But with a badly written one, doubling the number of cards doesn't double the work — it multiplies it exponentially. Feed it enough cards, and the sorter is stuck forever.

That's exactly what happens here. A remote attacker with a valid login can send a specially crafted SearchResult[] argument to the start_search function. The server tries to process it, gets stuck in a regex loop, consumes all available CPU, and becomes unresponsive. That's a Denial of Service (DoS).

Who Found It and How Bad Is It?

The vulnerability was reported by a researcher known as skywings on VulDB (submission #830746) and disclosed publicly on June 2, 2026.[cve]

The CVSS scores tell the story clearly:[cve]

VersionScoreSeverityCVSS 4.05.3MediumCVSS 3.14.3MediumCVSS 3.04.3Medium

It's rated Medium because:

  • ✅ It's remotely exploitable — no physical access needed
  • ✅ A public exploit already exists (PoC was released)
  • ✅ Low complexity — easy to trigger
  • ❌ It doesn't leak data or allow code execution
  • ❌ It requires authentication — the attacker needs a valid account first

Bottom line: not catastrophic, but it's a real, weaponizable availability issue.

The Technical Details (For the Curious)

The two CWEs (Common Weakness Enumerations) assigned are:[cve]

  • CWE-1333 — Inefficient Regular Expression Complexity
  • CWE-400 — Uncontrolled Resource Consumption

The root cause is a regex pattern in src/search-manager.ts that exhibits catastrophic backtracking when processing a malicious SearchResult[] input. This causes the Node.js event loop to block, freezing the entire MCP server process.

The fix was committed as patch 4ce845f8749b6a159b57b38dcc3357f7222a8078 and shipped in PR #400.[cve]

What Should You Do?

The fix is simple and already available:

Upgrade DesktopCommanderMCP to version 0.2.39 or later.

You can do this by running:

npm update -g @wonderwhy-er/desktop-commander

Or by pulling the latest release from GitHub.

All versions from 0.2.0 through 0.2.38 are affected. Version 0.2.39 is confirmed safe.[cve]

The Bigger Picture

This vulnerability is a reminder that even developer tools and AI integrations — software we tend to trust because we chose to install it — can carry hidden risks. ReDoS bugs are notoriously easy to overlook during code review because the problematic regex often looks perfectly normal.

As AI-powered desktop agents become more common and more capable, the attack surface they expose grows. Keeping these tools updated isn't optional. It's basic hygiene.

Found this useful? Share it with your team. If you run a homelab, use Claude Desktop, or build with MCP tools, this one's for you.

— Follow this newsletter for plain-English CVE breakdowns, security research notes, and vulnerability deep-dives.