VDB

MAL-2026-2328

MAL-2026-2328 PUBLISHED

Malicious code in mcp-server-todo (npm)

Affected Products

VendorProductVersions
npmmcp-server-todo0, 0

Timeline

  • Apr 1, 2026 CVE Published
  • Apr 7, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›