Is there a public PoC exploit available for CVE-2026-7730?

Yes, a public proof-of-concept exploit is available for CVE-2026-7730. Prioritise patching immediately. EPSS: 0.7%.

privsim mcp-test-runner CVE-2026-7730

Q: What is the CVSS score of CVE-2026-7730?

CVE-2026-7730 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.7%.

EUVD-2026-26884 LOW

OS Command Injection (CWE-78)

2026-05-04 VulDB

Command Injection

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

May 04, 2026 - 15:18 vuln.today

Public exploit code

Severity Changed

May 04, 2026 - 05:22 NVD

MEDIUM LOW

CVSS changed

May 04, 2026 - 05:22 NVD

6.3 (MEDIUM) 2.1 (LOW)

Analysis Generated

May 04, 2026 - 05:00 vuln.today

EUVD ID Assigned

May 04, 2026 - 04:30 euvd

EUVD-2026-26884

Analysis Generated

May 04, 2026 - 04:30 vuln.today

CVE Published

May 04, 2026 - 04:00 nvd

LOW 2.1

DescriptionNVD

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

OS command injection in privsim mcp-test-runner 0.2.0 allows authenticated remote attackers to execute arbitrary operating system commands via manipulation of the command argument passed to child_process.spawn in the MCP Interface component. The vulnerability affects version 0.2.0 with CVSS 6.3 (network-exploitable, low attack complexity, low-privileged access required). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7730 vulnerability details – vuln.today

Back