Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was identified in eyal-gor p_69_branch_monkey_mcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branch_monkey_mcp/bridge_and_local_actions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument dev_script leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Remote code execution via OS command injection in eyal-gor p_69_branch_monkey_mcp Preview Endpoint allows unauthenticated remote attackers to execute arbitrary operating system commands by manipulating the dev_script parameter in the advanced.py routes file. The vulnerability affects all commits up to 69bc71874ce40050ef45fde5a435855f18af3373, with publicly available exploit code identified. The project does not use semantic versioning, complicating patch tracking and remediation timelines.
Technical ContextAI
The vulnerability exists in the Preview Endpoint component, specifically in the branch_monkey_mcp/bridge_and_local_actions/routes/advanced.py file. The root cause is improper input validation on the dev_script parameter (CWE-77: Improper Neutralization of Special Elements used in a Command), which is passed to an OS command execution function without sanitization or escaping. This allows attackers to inject arbitrary shell metacharacters and commands that are executed with the privileges of the application process. The affected technology is a Python-based model control protocol (MCP) tool designed for branch monkey operations, exposing a preview endpoint that processes user-supplied script parameters.
RemediationAI
No vendor-released patch has been confirmed at time of analysis; the project has not responded to early notification. Immediate remediation requires manually updating the codebase to a commit that includes the fix for dev_script parameter sanitization and validation. Monitor the GitHub repository (https://github.com/eyal-gor/p_69_branch_monkey_mcp/) for a response commit that adds input validation, command escaping (using shlex.quote() or subprocess with list arguments), or disables the vulnerable endpoint. Until a fix is merged, implement compensating controls: (1) restrict network access to the Preview Endpoint to trusted internal networks only via firewall or reverse proxy rules-this eliminates the AV:N attack vector; (2) disable or remove the Preview Endpoint feature if it is not required for production workflows; (3) if the endpoint must remain active, implement input validation at the application level that rejects dev_script parameters containing shell metacharacters (|, ;, &, $, backticks, newlines). Note that firewall restriction has operational impact (limits preview functionality to internal users only) and input validation may block legitimate script names containing special characters. For critical deployments, consider forking and patching the code locally or switching to a maintained alternative until upstream provides a fix.
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26708