Skip to main content

Mcp Test Runner

1 CVEs product

Monthly

CVE-2026-7730 LOW POC Monitor

OS command injection in privsim mcp-test-runner 0.2.0 allows authenticated remote attackers to execute arbitrary operating system commands via manipulation of the command argument passed to child_process.spawn in the MCP Interface component. The vulnerability affects version 0.2.0 with CVSS 6.3 (network-exploitable, low attack complexity, low-privileged access required). Publicly available exploit code exists and the vendor has not yet responded to early disclosure notification.

Command Injection Mcp Test Runner
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.7%
EPSS 1% CVSS 2.1
LOW POC Monitor

OS command injection in privsim mcp-test-runner 0.2.0 allows authenticated remote attackers to execute arbitrary operating system commands via manipulation of the command argument passed to child_process.spawn in the MCP Interface component. The vulnerability affects version 0.2.0 with CVSS 6.3 (network-exploitable, low attack complexity, low-privileged access required). Publicly available exploit code exists and the vendor has not yet responded to early disclosure notification.

Command Injection Mcp Test Runner
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy