Cyber Resilience

CVE-2026-0756

Critical · RCE

Published: 23 January 2026
Modified: 15 April 2026
KEV Added: not listed
CVSS v3 score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0181 (75.9th percentile)
Risk priority: 70 (floored blend, peak EPSS)

Summary

CVE-2026-0756 is a critical-severity OS Command Injection (CWE-78) vulnerability in github-kanban-mcp-server (the affected vendor is recorded as "Zerodayinitiative", inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 24.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-0756 is a command injection vulnerability in github-kanban-mcp-server that permits remote code execution. The flaw resides in the handling of the create_issue parameter within the execAsync function, where unsanitized user input is passed directly to a system call. The issue is tracked as ZDI-CAN-27784 and is assigned CWE-78.

Unauthenticated remote attackers can supply a crafted string to the create_issue parameter and execute arbitrary commands in the context of the service account. The vulnerability carries a CVSS v3 score of 9.8, reflecting network-accessible exploitation with no required privileges or user interaction.

The Zero Day Initiative published advisory ZDI-26-022 for this issue.

EPSS for the CVE rose from a low baseline to a peak of 0.0127 before settling at the current value of 0.0036, indicating measurable post-disclosure interest in exploitation.


Vulnerability details

github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of github-kanban-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the create_issue parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27784.

CWE(s): CWE-78 (OS Command Injection)

AI Security Analysis

AI Category: AI Agent Protocols and Integrations
Risk Domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: mcp

Related Threats

CVEs Like This One

- CVE-2026-30861 (shared CWE-78)
- CVE-2025-58370 (shared CWE-78)
- CVE-2026-23882 (shared CWE-78)
- CVE-2025-64340 (shared CWE-78)
- CVE-2026-5058 (shared CWE-78)
- CVE-2025-54074 (shared CWE-78)
- CVE-2026-40111 (shared CWE-78)
- CVE-2026-30635 (shared CWE-78)
- CVE-2025-15061 (shared CWE-78)
- CVE-2026-26029 (shared CWE-78)

Affected Assets

Zerodayinitiative (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly requires validation and sanitization of the create_issue parameter before it is passed to execAsync, blocking the unsanitized string that enables command injection.

AC-6 Least Privilege (prevent): Limits the service account to least-privilege rights so that even successful exploitation of the create_issue flaw yields minimal system impact.

Patch application (respond/recover): Mandates prompt application of the vendor patch that eliminates the execAsync input-handling flaw described in ZDI-26-022.
