Skip to main content

Ssh Mcp

1 CVEs product

Monthly

CVE-2026-7039 HIGH POC This Week

Command injection in ssh-mcp versions up to 1.5.0 allows authenticated local users to execute arbitrary OS commands via the Description parameter to the shell.write function in src/index.ts. Publicly available exploit code exists (GitHub issue #44) demonstrating the vulnerability. Despite CVSS 7.1 severity, real-world risk is moderate due to local-only attack vector and low EPSS score (0.06%, 18th percentile), indicating minimal observed exploitation attempts. Vendor has not responded to early disclosure via issue report.

Command Injection Ssh Mcp
NVD VulDB GitHub
CVSS 4.0
7.1
EPSS
0.1%
EPSS 0% CVSS 7.1
HIGH POC This Week

Command injection in ssh-mcp versions up to 1.5.0 allows authenticated local users to execute arbitrary OS commands via the Description parameter to the shell.write function in src/index.ts. Publicly available exploit code exists (GitHub issue #44) demonstrating the vulnerability. Despite CVSS 7.1 severity, real-world risk is moderate due to local-only attack vector and low EPSS score (0.06%, 18th percentile), indicating minimal observed exploitation attempts. Vendor has not responded to early disclosure via issue report.

Command Injection Ssh Mcp
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy