VDB
MAL-2026-2328
MAL-2026-2328
PUBLISHED
Malicious code in mcp-server-todo (npm)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| npm | mcp-server-todo | 0, 0 |
Timeline
- Apr 1, 2026 CVE Published
- Apr 7, 2026 CVE Updated