CVE-2026-2131

MediumPublic PoC

Published: 08 February 2026

Published

08 February 2026

Modified

05 March 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0038 59.4th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2131 is a medium-severity Command Injection (CWE-77) vulnerability in Xixianliang Harmonyos Mcp Server. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked in the top 40.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Unix Shell (T1059.004) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents OS command injection by requiring validation and sanitization of the untrusted text argument in the input_text function.

SI-2 Flaw Remediation good match

prevent

Remediates the specific flaw in HarmonyOS-mcp-server 0.1.0 by identifying, reporting, and correcting the command injection vulnerability.

SI-9 Information Input Restrictions good match

prevent

Enforces restrictions such as format and content checks on the text input at system boundaries to block command injection payloads.

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

Why these techniques?

OS command injection directly enables arbitrary Unix shell command execution (T1059.004) via exploitation of the remote service (T1210).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be…

used.

Deeper analysisAI

CVE-2026-2131, published on 2026-02-08, is an OS command injection vulnerability in XixianLiang HarmonyOS-mcp-server version 0.1.0. The issue affects the input_text function, where manipulation of the text argument enables command injection. It carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and maps to CWEs-77 and CWE-78.

Remote exploitation is possible by an attacker possessing low privileges. Successful attacks allow limited impacts on confidentiality, integrity, and availability via injected OS commands.

Advisories and further details, including a public exploit, are documented in references such as https://github.com/scanleale/MCP_sec/blob/main/HarmonyOS-mcp-server%20RCE%20vulnerability.md, https://vuldb.com/?ctiid.344766, https://vuldb.com/?id.344766, and https://vuldb.com/?submit.747209. The exploit is publicly available and might be used.

The vulnerability description notes that remote exploitation is feasible, with the public exploit increasing potential for real-world abuse.

Details

CWE(s): CWE-77 CWE-78

Affected Products

xixianliang

harmonyos mcp server

0.1.0

AI Security AnalysisAI

AI Category: AI Agent Protocols and Integrations
Risk Domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: mcp

CVEs Like This One

CVE-2026-26068Shared CWE-77, CWE-78

CVE-2026-4558Shared CWE-77, CWE-78

CVE-2025-50989Shared CWE-77, CWE-78

CVE-2026-41497Shared CWE-77, CWE-78

CVE-2026-7416Shared CWE-77, CWE-78

CVE-2026-7220Shared CWE-77, CWE-78

CVE-2026-5741Shared CWE-77, CWE-78

CVE-2026-7446Shared CWE-77, CWE-78

CVE-2026-7066Shared CWE-77, CWE-78

CVE-2025-11490Shared CWE-77, CWE-78

References

https://github.com/scanleale/MCP_sec/blob/main/HarmonyOS-mcp-server%20RCE%20vulnerability.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.344766
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.344766
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.747209
Third Party Advisory, VDB Entry · cna@vuldb.com