Skip to main content

MoussaabBadla CVE-2026-5528

| EUVDEUVD-2026-19005 LOW
Command Injection (CWE-77)
2026-04-05 cna@vuldb.com
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.3 (MEDIUM) 2.1 (LOW)
EUVD ID Assigned
Apr 05, 2026 - 00:22 euvd
EUVD-2026-19005
Analysis Generated
Apr 05, 2026 - 00:22 vuln.today
CVE Published
Apr 05, 2026 - 00:16 nvd
MEDIUM 5.3

DescriptionCVE.org

A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

OS command injection in MoussaabBadla code-screenshot-mcp HTTP interface (versions up to 0.1.0) allows authenticated remote attackers to execute arbitrary system commands with limited confidentiality, integrity, and availability impact. Public exploit code has been disclosed, and the vendor did not respond to early disclosure attempts, leaving affected deployments without vendor-provided patches.

Technical ContextAI

The vulnerability exists in the HTTP interface component of code-screenshot-mcp, a model context protocol (MCP) tool for screenshot functionality. The root cause is CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating that user-supplied input to the HTTP interface is not properly sanitized before being passed to OS command execution functions. This allows an authenticated user to inject shell metacharacters or commands that are interpreted by the underlying operating system, bypassing intended application logic.

RemediationAI

No vendor-released patch has been identified at time of analysis. The vendor did not respond to early disclosure attempts. Users should immediately audit deployments of code-screenshot-mcp version 0.1.0 and earlier to determine if they are internet-facing or accessible to untrusted users. Mitigation strategies include upgrading to a newer version if available from the upstream repository, restricting network access to the HTTP interface via firewall rules or reverse proxy authentication, running the tool in a sandboxed or containerized environment with minimal system privileges, and monitoring for suspicious command execution patterns in application logs. Check the GitHub repository (github.com/wing3e or the original project) for any community-provided fixes or workarounds.

Share

CVE-2026-5528 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy