From 15a61662fccc548dbaf14e717028d948843fde06 Mon Sep 17 00:00:00 2001
From: RinCodeForge927
Date: Sat, 17 Jan 2026 20:17:09 +0700
Subject: [PATCH] [Security] Fix potential command injection on Windows in CLI dev command

---
 src/mcp/cli/cli.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/mcp/cli/cli.py b/src/mcp/cli/cli.py
index c4cae0dce3..39fe8b977c 100644
--- a/src/mcp/cli/cli.py
+++ b/src/mcp/cli/cli.py
@@ -3,6 +3,7 @@
 import importlib.metadata
 import importlib.util
 import os
+import shlex
 import subprocess
 import sys
 from pathlib import Path
@@ -275,8 +276,15 @@ def dev(
 # Run the MCP Inspector command with shell=True on Windows
 shell = sys.platform == "win32"
+ cmd_args = [npx_cmd, "@modelcontextprotocol/inspector"] + uv_cmd
+
+ if shell:
+ # On Windows with shell=True, I need to quote arguments to prevent injection
+ # and join them into a single string, as passing a list with shell=True is unsafe/undefined behavior
+ cmd_args = " ".join(shlex.quote(arg) for arg in cmd_args)
+
 process = subprocess.run(
- [npx_cmd, "@modelcontextprotocol/inspector"] + uv_cmd,
+ cmd_args,
 check=True,
 shell=shell,
 env=dict(os.environ.items()), # Convert to list of tuples for env update
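Review bot: `shlex.quote`, imported in this hunk and applied in the second hunk's `if shell:` branch, produces POSIX single-quote quoting, which `cmd.exe` (the shell `subprocess` uses with `shell=True` on Windows) does not recognise, so the joined string neither neutralises the injection nor runs reliably: `&`, `|` and `^` keep their meaning inside `'...'`, and any argument containing a backslash (every Windows path that lands in `uv_cmd`) is wrapped in quotes that cmd.exe passes through verbatim. There is no stdlib quoting function for cmd.exe; `subprocess.list2cmdline` only implements the C-runtime argv rules, not the shell's own parsing. The safer route is to keep the argv list and not involve a shell at all, e.g. `shell = False` and `cmd_args = [shutil.which(npx_cmd) or npx_cmd, "@modelcontextprotocol/inspector"] + uv_cmd` (with `import shutil` in place of `import shlex`), which also makes the first-person comment block unnecessary. I cannot see where `npx_cmd` is set; if it resolves to an `npx.cmd` wrapper, CreateProcess still hands such scripts to cmd.exe, so values that reach `uv_cmd` from the command line should be validated (rejecting cmd.exe metacharacters) rather than relied on being quoted. The `dev` function continues past the end of the second hunk.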