Skip to main content

mcp-server-rijksmuseum CVE-2026-7653

| EUVDEUVD-2026-26800 LOW
OS Command Injection (CWE-78)
2026-05-02 VulDB
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Severity Changed
May 02, 2026 - 16:22 NVD
MEDIUM LOW
CVSS changed
May 02, 2026 - 16:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
PoC Detected
May 02, 2026 - 16:16 vuln.today
Public exploit code
Analysis Generated
May 02, 2026 - 16:15 vuln.today
EUVD ID Assigned
May 02, 2026 - 16:00 euvd
EUVD-2026-26800
Analysis Generated
May 02, 2026 - 16:00 vuln.today
CVE Published
May 02, 2026 - 15:30 nvd
LOW 2.1

DescriptionCVE.org

A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Remote authenticated command injection in r-huijts mcp-server-rijksmuseum up to version 1.0.4 allows attackers with login credentials to execute arbitrary OS commands via manipulation of the imageUrl argument in the open_image_in_browser function. The vulnerability has publicly available exploit code and the vendor has not yet responded to early disclosure.

Technical ContextAI

The mcp-server-rijksmuseum application is an MCP (Model Context Protocol) interface that integrates with the Rijksmuseum API. The vulnerability exists in the open_image_in_browser function within src/index.ts, which processes user-supplied imageUrl parameters without proper sanitization before passing them to OS-level command execution. CWE-78 (Improper Neutralization of Special Elements used in an OS Command) indicates the root cause is inadequate input validation and output encoding when constructing or executing system commands. The attack vector is network-based, suggesting the vulnerable function is accessible through remote MCP protocol interactions, requiring an authenticated session.

RemediationAI

Upgrade mcp-server-rijksmuseum to a patched version above 1.0.4 if available; check the project repository at https://github.com/r-huijts/rijksmuseum-mcp for updates. If no patched release is available, implement input validation and sanitization for the imageUrl parameter by employing strict URL parsing (allowlist only valid Rijksmuseum image domains), using parameterized command execution instead of shell concatenation, and escaping any special characters before OS command invocation. Additionally, restrict access to the MCP server to trusted networks using network segmentation or firewall rules, and enforce strong authentication credentials to reduce the likelihood of credential compromise. Monitor for suspicious image URL parameters in application logs for signs of exploitation attempts.

Share

CVE-2026-7653 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy