Skip to main content

AgentDeskAI browser-tools-mcp CVE-2026-7064

MEDIUM
OS Command Injection (CWE-78)
2026-04-26 VulDB
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
CVSS changed
Apr 29, 2026 - 01:12 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
Analysis Generated
Apr 26, 2026 - 23:30 vuln.today
Severity Changed
Apr 26, 2026 - 23:22 NVD
HIGH MEDIUM
CVSS changed
Apr 26, 2026 - 23:22 NVD
7.3 (HIGH) 6.9 (MEDIUM)
Analysis Generated
Apr 26, 2026 - 23:15 vuln.today
CVE Published
Apr 26, 2026 - 22:45 nvd
MEDIUM 5.5

DescriptionCVE.org

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Remote unauthenticated attackers can inject arbitrary operating system commands through the browser-connector.ts file in AgentDeskAI browser-tools-mcp versions up to 1.2.0, leading to command execution with application privileges. The vulnerability stems from improper input sanitization in file browser processing and has been published with publicly available exploit code; the vendor has been notified but has not yet released a patch.

Technical ContextAI

AgentDeskAI browser-tools-mcp is a Model Context Protocol (MCP) server component that provides browser automation and file manipulation capabilities. The vulnerability exists in browser-tools-server/browser-connector.ts, which processes file system operations without proper command injection protections. CWE-78 (Improper Neutralization of Special Elements used in an OS Command) indicates that user-supplied input is passed unsanitized to OS command execution functions, likely through shell metacharacter sequences (e.g., backticks, pipe operators, command substitution). The affected CPE cpe:2.3:a:agentdeskai:browser-tools-mcp indicates all instances of this package through version 1.2.0 and potentially later versions if unpatched.

RemediationAI

No vendor-released patch has been identified at the time of analysis; the project was informed early through issue report #232 but has not yet released a fix version. Immediate remediation steps: (1) Isolate any deployment of browser-tools-mcp from untrusted network access by placing it behind a network firewall or reverse proxy that performs strict input validation; (2) Disable or remove the file browser functionality if not actively used; (3) Monitor for exploitation attempts by logging all input to the affected browser-connector.ts endpoint and alerting on shell metacharacters (backticks, pipe, semicolon, dollar signs) in request payloads; (4) Fork the project and apply custom input sanitization to strip or escape shell metacharacters before any OS command execution; (5) Evaluate alternative MCP server implementations or contact AgentDeskAI for timeline on a patched release. If the component cannot be removed, implement a Web Application Firewall (WAF) rule to block requests containing command injection patterns, though this is a defense-in-depth measure and not a primary fix.

Share

CVE-2026-7064 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy