Skip to main content

gmx-vmd-mcp CVE-2026-7215

| EUVDEUVD-2026-25971 MEDIUM
Command Injection (CWE-77)
2026-04-28 VulDB
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

8
CVSS changed
Apr 29, 2026 - 01:12 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
Severity Changed
Apr 28, 2026 - 03:22 NVD
HIGH MEDIUM
CVSS changed
Apr 28, 2026 - 03:22 NVD
7.3 (HIGH) 6.9 (MEDIUM)
Analysis Generated
Apr 28, 2026 - 03:15 vuln.today
EUVD ID Assigned
Apr 28, 2026 - 03:00 euvd
EUVD-2026-25971
Analysis Generated
Apr 28, 2026 - 03:00 vuln.today
CVE Published
Apr 28, 2026 - 02:00 nvd
MEDIUM 5.5

DescriptionCVE.org

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component VMD Launch Handler. The manipulation of the argument structure_file/trajectory_file results in command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Remote command injection in egtai gmx-vmd-mcp through version 0.1.0 enables unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads into the structure_file or trajectory_file parameters of the VMD Launch Handler in mcp_server.py. A public proof-of-concept exploit exists (GitHub issue #2), significantly lowering the barrier to exploitation. The vendor has not responded to responsible disclosure attempts, leaving users without an official patch.

Technical ContextAI

The gmx-vmd-mcp project is a Model Context Protocol (MCP) server that provides programmatic access to VMD (Visual Molecular Dynamics) visualization tools for molecular dynamics simulations. The vulnerability stems from CWE-77 (Command Injection) in the launch_vmd_gui_tool function within mcp_server.py, where user-supplied file path parameters are passed to system commands without proper sanitization or validation. When processing structure_file or trajectory_file arguments intended for VMD visualization, the application directly incorporates attacker-controlled input into shell commands, allowing injection of arbitrary command sequences through metacharacters or shell operators. This is a classic example of insecure command construction in Python applications that shell out to external binaries.

RemediationAI

No vendor-released patch exists at time of analysis - the project maintainer has not responded to the responsible disclosure report (GitHub issue #2). Organizations currently running gmx-vmd-mcp must implement compensating controls immediately: (1) Restrict network access to the MCP server to trusted IP ranges only using firewall rules or network segmentation, eliminating the remote attack vector (note: this reduces usability for distributed research workflows). (2) Deploy a reverse proxy with strict input validation that sanitizes structure_file and trajectory_file parameters, rejecting any input containing shell metacharacters (;|&$`\n()<>), though this may break legitimate file paths with special characters. (3) Run the MCP server process in a restricted sandbox environment (container, VM, or chroot jail) with minimal privileges to limit post-exploitation impact, accepting the overhead of containerization. (4) Implement application-level authentication and authorization before the vulnerable function is reached, though this requires code modification. (5) Monitor the GitHub repository (https://github.com/egtai/gmx-vmd-mcp/) for any eventual security updates, but given vendor non-responsiveness, consider migrating to maintained alternatives for VMD integration. Refer to the exploit code in https://github.com/egtai/gmx-vmd-mcp/issues/2 to inform validation rule development.

Share

CVE-2026-7215 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy