CVE-2026-31040: stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution

Severity: Critical

CVSS Score: 9.8

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution.