Skip to main content

Command Executor Mcp Server

1 CVEs product

Monthly

CVE-2026-7593 MEDIUM POC This Month

OS command injection in Sunwood-ai-labs command-executor-mcp-server versions up to 0.1.0 allows remote unauthenticated attackers to execute arbitrary system commands via the MCP interface execute_command function. The vulnerability carries a CVSS score of 7.3 with a complete remote attack vector (AV:N/AC:L/PR:N/UI:N), enabling unauthorized data access, system modification, and service disruption. A proof-of-concept exploit has been publicly disclosed via GitHub issue #6, significantly lowering the barrier to exploitation. EPSS data not available, but public POC availability and unauthenticated remote vector indicate elevated real-world risk despite the moderate CVSS score.

Command Injection Command Executor Mcp Server
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
EPSS 1% CVSS 5.5
MEDIUM POC This Month

OS command injection in Sunwood-ai-labs command-executor-mcp-server versions up to 0.1.0 allows remote unauthenticated attackers to execute arbitrary system commands via the MCP interface execute_command function. The vulnerability carries a CVSS score of 7.3 with a complete remote attack vector (AV:N/AC:L/PR:N/UI:N), enabling unauthorized data access, system modification, and service disruption. A proof-of-concept exploit has been publicly disclosed via GitHub issue #6, significantly lowering the barrier to exploitation. EPSS data not available, but public POC availability and unauthenticated remote vector indicate elevated real-world risk despite the moderate CVSS score.

Command Injection Command Executor Mcp Server
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy