Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool. The manipulation of the argument command leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
OS command injection in jackwrichards FastlyMCP allows remote unauthenticated attackers to execute arbitrary system commands via manipulation of the command argument in the fastly_cli Tool component. The vulnerability exists in fastly-mcp.mjs and has been disclosed publicly with exploit code available, though the project operates on a rolling release model with no versioned releases and has not yet responded to early disclosure notifications.
Technical ContextAI
FastlyMCP is a Model Context Protocol (MCP) server that provides integration with Fastly services through a command-line interface tool (fastly_cli). The vulnerability resides in the fastly-mcp.mjs file where user-supplied command arguments are passed to OS command execution functions without proper sanitization or validation. This is a classic OS command injection vulnerability (CWE-78) where shell metacharacters and command separators in the command argument are not escaped or filtered, allowing attackers to break out of the intended command context and inject arbitrary shell commands. The CPE indicates the entire FastlyMCP product line (all versions) is affected due to the rolling release model used by the project.
RemediationAI
No vendor-released patch identified at time of analysis. Since the project has not responded to early disclosure and operates on a rolling release model, monitor the FastlyMCP GitHub repository (https://github.com/jackwrichards/FastlyMCP/) for commits addressing the command injection in fastly-mcp.mjs. As an immediate mitigation, implement network-level access controls to restrict FastlyMCP services to trusted internal networks and authenticated users only; do not expose FastlyMCP endpoints to untrusted or public networks. Additionally, review all instances of FastlyMCP usage and consider sandboxing the service in a container or virtual machine with minimal OS privileges and restricted outbound network access to limit the impact of successful command injection. Validate and sanitize all command arguments passed to the fastly_cli Tool component using allowlist-based input validation (e.g., only permit alphanumeric characters and specific delimiters expected by Fastly API calls). The trade-off of strict input validation is reduced feature flexibility if legitimate use cases require special characters; coordinate with users before enforcement.
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25977