ATR-2026-00112highPrivilege Escalationexperimental
Dynamic Module Loading for Code Execution
Detects dynamic module loading where the module path is a variable rather than a string literal. This pattern allows an attacker to control which code is loaded at runtime, enabling injection of malicious modules, WebAssembly payloads, or native libraries. Unlike static imports which are auditable, dynamic imports with variable paths can resolve to attacker-controlled code.
Severity
high
Category
Privilege Escalation
Scan Target
mcp
Author
ATR Community
Response Actions
alertsnapshot
References
OWASP Agentic
ASI05:2026 - Unexpected Code Execution
More Privilege Escalation Rules
ATR-2026-00040criticalPrivilege Escalation and Admin Function AccessATR-2026-00041mediumAgent Scope Creep DetectionATR-2026-00064highOver-Permissioned MCP SkillATR-2026-00107highPrivilege Escalation via Delayed Task Execution BypassATR-2026-00110criticalRemote Code Execution via eval() and Dynamic Code Injection