Cyber Resilience

CVE-2026-2178

MediumPublic PoC

Published: 08 February 2026

Published
08 February 2026
Modified
05 March 2026
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0295 85.4th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-2178 is a medium-severity Injection (CWE-74) vulnerability in R-Huijts Xcode Mcp Server. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 14.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-2178 is a command injection vulnerability in the r-huijts/xcode-mcp-server project, affecting commits up to f3419f00117aa9949e326f78cc940166c88f18cb. The flaw resides in the registerXcodeTools function within the file src/tools/xcode/index.ts of the run_lldb component, where manipulation of the 'args' argument enables injection. This issue, published on 2026-02-08, carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and maps to CWEs-74 and CWE-77.

The vulnerability allows remote exploitation by attackers possessing low privileges, requiring low attack complexity and no user interaction. Successful exploitation enables limited impacts on confidentiality, integrity, and availability, such as executing arbitrary commands on the server. A public exploit exists, heightening the risk for affected deployments.

Due to the project's rolling release model, specific affected and fixed version numbers are unavailable. Mitigation requires applying the patch commit 11f8d6bacadd153beee649f92a78a9dad761f56f from the GitHub repository. Further details, including discovery and resolution, are documented in GitHub issue #13 and related discussions.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component run_lldb. The manipulation of the argument args results in command injection. It is possible to launch the attack…

more

remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The patch is identified as 11f8d6bacadd153beee649f92a78a9dad761f56f. Applying a patch is advised to resolve this issue.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Command injection vulnerability in network-accessible server (AV:N/PR:L) enables exploitation of public-facing application (T1190) and arbitrary command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7812Shared CWE-74, CWE-77
CVE-2026-7211Shared CWE-74, CWE-77
CVE-2026-7215Shared CWE-74, CWE-77
CVE-2026-7316Shared CWE-74, CWE-77
CVE-2026-7157Shared CWE-74, CWE-77
CVE-2026-6980Shared CWE-74, CWE-77
CVE-2026-1414Shared CWE-74, CWE-77
CVE-2025-15133Shared CWE-74, CWE-77
CVE-2026-2956Shared CWE-74, CWE-77
CVE-2025-15132Shared CWE-74, CWE-77

Affected Assets

r-huijts
xcode mcp server
≤ 2025-08-26

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the command injection vulnerability by requiring timely application of the specific patch commit 11f8d6bacadd153beee649f92a78a9dad761f56f.

prevent

Prevents command injection by validating the manipulated 'args' argument in the registerXcodeTools function before passing it to run_lldb.

detect

Detects the CVE-2026-2178 command injection flaw through vulnerability scanning, enabling identification and remediation in rolling release environments.

References