CVE-2026-0756
Published: 23 January 2026
Summary
CVE-2026-0756 is a critical-severity OS Command Injection (CWE-78) vulnerability in github-kanban-mcp-server, a Model Context Protocol (MCP) server (the product name is inferred from the ZDI advisory referenced below). Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 24.1% of CVEs by EPSS exploit likelihood and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Deeper analysis
CVE-2026-0756 is a command injection vulnerability in github-kanban-mcp-server that permits remote code execution. The flaw lies in the handling of the create_issue parameter: a user-supplied string is passed, without sanitization, into an execAsync call that runs it through the system shell. The issue was tracked as ZDI-CAN-27784 and is assigned CWE-78.
Unauthenticated remote attackers can supply a crafted string to the create_issue parameter and execute arbitrary commands in the context of the service account running the server. Because MCP tool parameters are normally populated by an LLM agent, any content the agent reads (for example issue text or web pages) can influence the value of create_issue, so prompt injection against the agent is a realistic path to command execution on the host. The vulnerability carries a CVSS v3 score of 9.8, reflecting network-accessible exploitation with no required privileges or user interaction.
The Zero Day Initiative published advisory ZDI-26-022 for this issue.
EPSS for the CVE rose from a low baseline to a peak of 0.0127 (1.27%) after disclosure and currently sits at 0.0036 (0.36%): a measurable but still low predicted exploitation probability, consistent with the absence of a KEV listing.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-4481
Vulnerability details
github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of github-kanban-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the create_issue parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27784.
- CWE(s): CWE-78 (OS Command Injection)
AI Security Analysis
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation and sanitization of the create_issue parameter before it is passed to execAsync, blocking the unsanitized string that enables command injection.
- AC-6 (Least Privilege): Limits the service account to least-privilege rights so that even successful exploitation of the create_issue flaw yields minimal system impact.
- SI-2 (Flaw Remediation): Mandates prompt application of the vendor patch that eliminates the execAsync input-handling flaw described in ZDI-26-022.