FastlyMCP CVE-2026-7220

EUVD-2026-25977 | MEDIUM
OS Command Injection (CWE-78)
2026-04-28 VulDB
CVSS 4.0 score: 5.5

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Apr 29, 2026 - 01:12 (NVD): CVSS changed, 6.9 (MEDIUM) → 5.5 (MEDIUM)
Apr 29, 2026 - 01:00 (vuln.today): PoC Detected, public exploit code
Apr 28, 2026 - 04:30 (vuln.today): Analysis Generated
Apr 28, 2026 - 04:22 (NVD): Severity Changed, HIGH → MEDIUM
Apr 28, 2026 - 04:22 (NVD): CVSS changed, 7.3 (HIGH) → 6.9 (MEDIUM)
Apr 28, 2026 - 04:15 (euvd): EUVD ID Assigned, EUVD-2026-25977
Apr 28, 2026 - 04:15 (vuln.today): Analysis Generated
Apr 28, 2026 - 03:15 (nvd): CVE Published, MEDIUM 5.5

Description (NVD)

A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool. The manipulation of the argument command leads to OS command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Analysis (AI)

OS command injection in jackwrichards FastlyMCP allows remote unauthenticated attackers to execute arbitrary system commands via manipulation of the command argument in the fastly_cli Tool component. The vulnerability exists in fastly-mcp.mjs and has been disclosed publicly with exploit code available, though the project operates on a rolling release model with no versioned releases and has not yet responded to early disclosure notifications.

CVE-2026-7220 vulnerability details – vuln.today
