Skip to main content

code-mcp EUVDEUVD-2026-27217

| CVE-2026-7812 MEDIUM
Command Injection (CWE-77)
2026-05-05 VulDB
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 05, 2026 - 05:30 vuln.today
Severity Changed
May 05, 2026 - 05:22 NVD
HIGH MEDIUM
CVSS changed
May 05, 2026 - 05:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)

DescriptionCVE.org

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Command injection in code-mcp's git_operation function allows remote attackers to execute arbitrary system commands by manipulating the operation argument. The vulnerability affects all versions up to commit 4cfc4643541a110c906d93635b391bf7e357f4a8 and has publicly available exploit code. Continuous delivery model means no versioned releases exist, complicating patching timelines.

Technical ContextAI

The MCP Tool component in src/code_mcp/server.py implements a git_operation function that processes user-supplied operation arguments without proper sanitization. This is a classic CWE-77 (Improper Neutralization of Special Elements used in a Command) vulnerability where unsanitized input is passed to shell execution, likely via Python's subprocess or os.system calls. The git_operation function likely constructs shell commands dynamically using the operation parameter, enabling injection of arbitrary commands within the git execution context. The remote network attack vector indicates the MCP server exposes this functionality via network-accessible RPC or API endpoints.

RemediationAI

Pull the latest commit from the main repository (https://github.com/54yyyu/code-mcp/) to obtain any available fixes; however, vendor response is pending as of the report date. The recommended immediate mitigation is to restrict network access to the code-mcp MCP server to trusted internal networks only, blocking direct remote exposure. Implement input validation by whitelist-matching the operation argument against a fixed set of allowed git subcommands (e.g., 'clone', 'pull', 'push', 'fetch') and reject any operation containing shell metacharacters (|, ;, &, $, `, parentheses, redirects). This validation must occur in the git_operation function before any command construction. Alternatively, refactor git_operation to use Python's subprocess module with shell=False and pass arguments as a list rather than concatenating strings - this prevents shell injection entirely. Monitor the GitHub issue (https://github.com/54yyyu/code-mcp/issues/5) for vendor patches. Until a patched version is available, isolate code-mcp instances to air-gapped or segmented networks.

Share

EUVD-2026-27217 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy