Skip to main content

Simple Openstack Mcp

1 CVEs product

Monthly

CVE-2026-7066 MEDIUM POC This Month

Remote OS command injection in simple-openstack-mcp allows unauthenticated attackers to execute arbitrary system commands via the exec_openstack function in server.py. The vulnerability affects all deployments up to commit 767b2f4a8154cca344344b9725537a58399e6036, with confirmed publicly available exploit code (GitHub issue #3). CVSS 7.3 severity reflects network attack vector with no authentication required, enabling direct system compromise. Project maintainer has not responded to vulnerability disclosure at time of analysis.

Command Injection Simple Openstack Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Remote OS command injection in simple-openstack-mcp allows unauthenticated attackers to execute arbitrary system commands via the exec_openstack function in server.py. The vulnerability affects all deployments up to commit 767b2f4a8154cca344344b9725537a58399e6036, with confirmed publicly available exploit code (GitHub issue #3). CVSS 7.3 severity reflects network attack vector with no authentication required, enabling direct system compromise. Project maintainer has not responded to vulnerability disclosure at time of analysis.

Command Injection Simple Openstack Mcp
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy