ATR-2026-00112highPrivilege Escalationexperimental
Dynamic Module Loading for Code Execution
Detects dynamic module loading where the module path is a variable rather than a string literal. This pattern allows an attacker to control which code is loaded at runtime, enabling injection of malicious modules, WebAssembly payloads, or native libraries. Unlike static imports which are auditable, dynamic imports with variable paths can resolve to attacker-controlled code.
嚴重度
high
類別
Privilege Escalation
掃描目標
mcp
作者
ATR Community
建議回應
alertsnapshot
參考資料
OWASP Agentic
ASI05:2026 - Unexpected Code Execution
更多 Privilege Escalation 規則
ATR-2026-00040criticalPrivilege Escalation and Admin Function AccessATR-2026-00041mediumAgent Scope Creep DetectionATR-2026-00064highOver-Permissioned MCP SkillATR-2026-00107highPrivilege Escalation via Delayed Task Execution BypassATR-2026-00110criticalRemote Code Execution via eval() and Dynamic Code Injection