Skip to main content

privsim mcp-test-runner CVE-2026-7730

| EUVDEUVD-2026-26884 LOW
OS Command Injection (CWE-78)
2026-05-04 VulDB
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
PoC Detected
May 04, 2026 - 15:18 vuln.today
Public exploit code
Severity Changed
May 04, 2026 - 05:22 NVD
MEDIUM LOW
CVSS changed
May 04, 2026 - 05:22 NVD
6.3 (MEDIUM) 2.1 (LOW)
Analysis Generated
May 04, 2026 - 05:00 vuln.today
EUVD ID Assigned
May 04, 2026 - 04:30 euvd
EUVD-2026-26884
Analysis Generated
May 04, 2026 - 04:30 vuln.today
CVE Published
May 04, 2026 - 04:00 nvd
LOW 2.1

DescriptionCVE.org

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

OS command injection in privsim mcp-test-runner 0.2.0 allows authenticated remote attackers to execute arbitrary operating system commands via manipulation of the command argument passed to child_process.spawn in the MCP Interface component. The vulnerability affects version 0.2.0 with CVSS 6.3 (network-exploitable, low attack complexity, low-privileged access required). Publicly available exploit code exists and the vendor has not yet responded to early disclosure notification.

Technical ContextAI

The vulnerability exists in the MCP Interface implementation (src/index.ts) where the child_process.spawn function is called with unsanitized user-supplied input in the command argument. The Node.js child_process.spawn API executes commands directly when passed a string rather than properly tokenized arguments, making it susceptible to OS command injection (CWE-78: Improper Neutralization of Special Elements used in an OS Command). The mcp-test-runner package is designed to test Model Context Protocol (MCP) implementations, and the vulnerable code path processes MCP commands without proper input validation or escaping before passing them to the operating system shell.

RemediationAI

No vendor-released patch has been identified at the time of analysis; the project maintainers have not yet responded to the early disclosure notification. Immediate remediation options include: (1) upgrade to a patched version if released after vendor response (monitor https://github.com/privsim/mcp-test-runner for releases); (2) restrict access to mcp-test-runner instances to trusted users only via network segmentation or authentication controls, reducing the PR:L attack surface; (3) implement input validation and sanitization for all command arguments before passing to child_process.spawn, specifically rejecting or escaping shell metacharacters (|, &, ;, $, `, etc.) and enforcing allowlists of permitted commands; (4) run mcp-test-runner with least-privilege operating system accounts to limit the impact of command injection; (5) consider using Node.js APIs that tokenize arguments properly (passing arguments as array to spawn) rather than shell string interpretation if feasible within the application architecture. Monitor VulDB and the GitHub issue (https://github.com/privsim/mcp-test-runner/issues/24) for patch availability.

Share

CVE-2026-7730 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy