Critical Security Flaw Found in Figma MCP Server Package

A security vulnerability has been discovered in figma-developer-mcp, a popular Model Context Protocol (MCP) server for Figma integrations. The flaw allows attackers to execute arbitrary system commands on affected servers, earning it a “high severity” rating from GitHub’s security team.

The issue stems from improper handling of user input in the package’s get_figma_data tool. Developers used child_process.exec to construct shell commands without properly sanitizing user-supplied parameters. This creates an opening for command injection attacks. Attackers can exploit this by inserting shell metacharacters—symbols like |, >, &&—that the system interprets as command separators rather than regular text. Security researchers successfully demonstrated arbitrary code execution by injecting test commands that created files on target systems.

Any system running figma-developer-mcp version 0.6.2 or older is vulnerable. This includes development environments, automated workflows, and applications that process Figma data—especially those where untrusted users can influence operation parameters.

Version 0.6.3 patches the vulnerability by replacing the unsafe child_process.exec calls with child_process.execFile, which passes arguments to the program as a separate array instead of through a shell, so shell metacharacters in a parameter are no longer interpreted and the injection is blocked.

Developers should upgrade immediately by running npm update figma-developer-mcp and verifying they’re on version 0.6.3 or higher.

Why It Matters
Even modern AI-focused tools are not immune to classic security mistakes. Command injection vulnerabilities remain common when developers use string concatenation for system commands instead of safer parameterized approaches.

For more technical details, see the full advisory on GitHub here.
