Advisory Details
Package: @anthropic-ai/mcp-playwright (npm) / executeautomation/mcp-playwright
Repository: https://github.com/executeautomation/mcp-playwright
CWE: CWE-94 (Code Injection)
Severity: High
Summary
The codegen functionality in mcp-playwright uses template string interpolation to construct executable code. User-controlled input injected into template strings can break out of the string context and execute arbitrary JavaScript code.
Details
When generating Playwright code from user input, the tool interpolates user-supplied values directly into JavaScript template strings without sanitization. An attacker can inject template literal escape sequences or backtick characters to break out of the string context and inject arbitrary code that gets executed by the codegen engine.
PoC
- Use the codegen tool with a crafted selector or URL containing a template injection payload
- The payload breaks out of the template string and executes as JavaScript
- Arbitrary code execution in the Node.js process context
Impact
Code injection leading to arbitrary code execution in the Node.js process running the MCP server. An attacker can read/write files, make network requests, and execute system commands.
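
The interpolation flaw described under Details, next to a hardened emitter, as an added example (not code from mcp-playwright or from the advisory's author). The emitter function names, the stub `page` object and the sample selectors are constructed assumptions; the samples are harmless and only change what the stub records.

```javascript
const vm = require('node:vm');

// Hypothetical emitter modelling the flaw: the value is pasted between
// backticks, so the generated source parses it as template-literal code.
function emitLocatorUnsafe(selector) {
  return 'page.locator(`' + selector + '`);';
}

// Hardened emitter: JSON.stringify returns a double-quoted literal with
// quotes, backslashes and control characters escaped. Backticks and ${}
// have no meaning inside a double-quoted string.
function emitLocatorSafe(selector) {
  if (typeof selector !== 'string') throw new TypeError('selector must be a string');
  return 'page.locator(' + JSON.stringify(selector) + ');';
}

// Runs generated source against a stub `page` and returns the arguments
// locator() received. vm is not a security boundary; it is used here only
// to observe constructed, harmless samples.
function recordedSelectors(source) {
  const calls = [];
  const sandbox = { page: { locator: (s) => { calls.push(s); } } };
  vm.runInNewContext(source, sandbox, { timeout: 100 });
  return calls;
}

// True when the generated code makes exactly one call carrying the input verbatim.
function preservesInput(emit, value) {
  try {
    const calls = recordedSelectors(emit(value));
    return calls.length === 1 && calls[0] === value;
  } catch (err) {
    return false; // generated source did not parse or run
  }
}

// Constructed samples: one is evaluated as an expression, one adds a second call.
const SAMPLES = ['#row-${6*7}', '#a`); page.locator(`#b'];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s),
    'unsafe:', recordedSelectors(emitLocatorUnsafe(s)),
    'safe:', recordedSelectors(emitLocatorSafe(s)));
}
```

A `preservesInput`-style round-trip check can run as a regression test over every code path that emits user-controlled values into generated source.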