Which versions of ssh-mcp are affected by EUVD-2026-25716?

ssh-mcp versions up to 1.5.0 contain a command injection vulnerability in the shell.write function that allows authenticated local users to execute arbitrary commands, requiring immediate inventory…

Is there a public PoC exploit available for EUVD-2026-25716?

Yes, a public proof-of-concept exploit is available for EUVD-2026-25716. Prioritise patching immediately. EPSS: 0.1%.

ssh-mcp EUVD-2026-25716

Q: What is the CVSS score of EUVD-2026-25716?

EUVD-2026-25716 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2026-7039 HIGH

Command Injection (CWE-77)

2026-04-26 VulDB

Command Injection

7.1

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 29, 2026 - 01:30 vuln.today

v3 (cvss_changed)

CVSS changed

Apr 29, 2026 - 01:12 NVD

8.5 (HIGH) 7.1 (HIGH)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

Analysis Updated

Apr 26, 2026 - 13:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 26, 2026 - 13:22 vuln.today

cvss_changed

CVSS changed

Apr 26, 2026 - 13:22 NVD

7.8 (HIGH) 8.5 (HIGH)

Analysis Generated

Apr 26, 2026 - 13:15 vuln.today

EUVD ID Assigned

Apr 26, 2026 - 13:00 euvd

EUVD-2026-25716

Analysis Generated

Apr 26, 2026 - 13:00 vuln.today

CVE Published

Apr 26, 2026 - 12:30 nvd

HIGH 7.1

DescriptionNVD

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Command injection in ssh-mcp versions up to 1.5.0 allows authenticated local users to execute arbitrary OS commands via the Description parameter to the shell.write function in src/index.ts. Publicly available exploit code exists (GitHub issue #44) demonstrating the vulnerability. …

RemediationAI

Within 24 hours: inventory all systems running ssh-mcp and document user access levels and network placement. Within 7 days: restrict local shell access to ssh-mcp to trusted administrative accounts only; disable the Description parameter functionality if operationally feasible, or implement input validation/sanitization at the application layer. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-25716 vulnerability details – vuln.today

Back

ssh-mcp EUVD-2026-25716

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

ssh-mcp EUVD-2026-25716

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code