Skip to main content

simple-openstack-mcp CVE-2026-7066

MEDIUM
OS Command Injection (CWE-78)
2026-04-26 VulDB
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
CVSS changed
Apr 29, 2026 - 01:12 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
Severity Changed
Apr 27, 2026 - 00:22 NVD
HIGH MEDIUM
CVSS changed
Apr 27, 2026 - 00:22 NVD
7.3 (HIGH) 6.9 (MEDIUM)
Analysis Generated
Apr 27, 2026 - 00:00 vuln.today
Analysis Generated
Apr 26, 2026 - 23:30 vuln.today
CVE Published
Apr 26, 2026 - 23:15 nvd
MEDIUM 5.5

DescriptionCVE.org

A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Remote OS command injection in simple-openstack-mcp allows unauthenticated attackers to execute arbitrary system commands via the exec_openstack function in server.py. The vulnerability affects all deployments up to commit 767b2f4a8154cca344344b9725537a58399e6036, with confirmed publicly available exploit code (GitHub issue #3). CVSS 7.3 severity reflects network attack vector with no authentication required, enabling direct system compromise. Project maintainer has not responded to vulnerability disclosure at time of analysis.

Technical ContextAI

The vulnerability resides in the exec_openstack function within server.py of simple-openstack-mcp, a utility for managing OpenStack deployments via Model Context Protocol (MCP). CWE-78 (OS Command Injection) indicates improper neutralization of special elements in system command execution, typically occurring when user-controlled input is passed unsafely to shell execution functions like subprocess.call, os.system, or similar Python APIs. The affected product (CPE: cpe:2.3:a:choieastsea:simple-openstack-mcp) follows a rolling release model without traditional versioning, complicating patch tracking and making commit hash (767b2f4a8154cca344344b9725537a58399e6036) the primary identifier for vulnerable deployments. Command injection vulnerabilities commonly arise from concatenating user input directly into shell commands without validation or escaping, allowing attackers to inject shell metacharacters (semicolons, pipes, backticks) to execute arbitrary commands.

RemediationAI

No vendor-released patch is available as the project maintainer has not responded to the disclosure (GitHub issue #3). Organizations must implement compensating controls immediately. Primary mitigation: Remove external network access to simple-openstack-mcp server endpoints by binding server.py only to localhost (127.0.0.1) or internal management networks, then enforce access via authenticated jump hosts or VPN - this eliminates remote unauthenticated attack vector but requires administrative overhead for legitimate access. Secondary mitigation: Deploy web application firewall (WAF) or reverse proxy with strict input validation to filter shell metacharacters (semicolons, pipes, backticks, dollar signs, ampersands) before requests reach server.py - however, this may break legitimate OpenStack command functionality if the application requires these characters. Tertiary option: Fork the repository, patch the exec_openstack function to use parameterized command execution (subprocess with shell=False and argument lists instead of string concatenation), and maintain private patched version - this requires ongoing security maintenance burden. Given unresponsive maintainer and small project scope, consider migrating to actively maintained OpenStack management alternatives with established security response processes.

Share

CVE-2026-7066 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy