Which versions of command-executor-mcp-server are affected by EUVD-2026-26717?

Sunwood-ai-labs command-executor-mcp-server versions up to 0.1.0 contains an unauthenticated remote command injection vulnerability that allows attackers to execute arbitrary system commands without…

Is there a public PoC exploit available for EUVD-2026-26717?

Yes, a public proof-of-concept exploit is available for EUVD-2026-26717. Prioritise patching immediately. EPSS: 1.0%.

command-executor-mcp-server EUVD-2026-26717

Q: What is the CVSS score of EUVD-2026-26717?

EUVD-2026-26717 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 1.0%.

| CVE-2026-7593 MEDIUM

OS Command Injection (CWE-78)

2026-05-01 VulDB

Command Injection

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

May 01, 2026 - 21:22 NVD

HIGH MEDIUM

CVSS changed

May 01, 2026 - 21:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

PoC Detected

May 01, 2026 - 21:16 vuln.today

Public exploit code

Analysis Generated

May 01, 2026 - 21:00 vuln.today

EUVD ID Assigned

May 01, 2026 - 20:31 euvd

EUVD-2026-26717

Analysis Generated

May 01, 2026 - 20:31 vuln.today

CVE Published

May 01, 2026 - 20:15 nvd

MEDIUM 5.5

DescriptionNVD

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

OS command injection in Sunwood-ai-labs command-executor-mcp-server versions up to 0.1.0 allows remote unauthenticated attackers to execute arbitrary system commands via the MCP interface execute_command function. The vulnerability carries a CVSS score of 7.3 with a complete remote attack vector (AV:N/AC:L/PR:N/UI:N), enabling unauthorized data access, system modification, and service disruption. …

RemediationAI

Within 24 hours: identify all instances of command-executor-mcp-server running in production and development environments using version 0.1.0 or earlier; document inventory and assess business criticality. Within 7 days: discontinue use of affected versions by isolating or decommissioning instances; contact Sunwood-ai-labs for patch availability timeline and interim guidance. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-26717 vulnerability details – vuln.today

Back

command-executor-mcp-server EUVD-2026-26717

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

command-executor-mcp-server EUVD-2026-26717

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code