CVE-2026-27203
Published: 21 February 2026
Summary
CVE-2026-27203 is a high-severity External Control of System or Configuration Setting (CWE-15) vulnerability. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 5.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- SI-10 (Information Input Validation): Directly requires validation of inputs to the updateEnvFile function to block injection of arbitrary environment variables via unvalidated newlines or quotes.
- SI-2 (Flaw Remediation): Mandates timely identification, reporting, and correction of the input validation flaw in src/auth/oauth.ts to remediate the vulnerability.
- Restricts access to and verifies changes to configuration files such as .env, limiting a low-privilege attacker's ability to invoke the vulnerable ebay_set_user_tokens tool.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
An environment-variable injection flaw in a network-accessible server directly enables T1190 (Exploit Public-Facing Application) for RCE or other impact. It also facilitates T1574.006 (Dynamic Linker Hijacking) and T1574.007 (Path Interception by PATH Environment Variable), since a malicious PATH- or LD_PRELOAD-style variable can be written through the .env overwrite.
NVD Description
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_tokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the configuration file. An attacker can inject arbitrary environment variables into the .env file. This could lead to configuration overwrites, Denial of Service, and potential RCE. There was no fix for this issue at the time of publication.
Deeper analysis [AI]
CVE-2026-27203 is an Environment Variable Injection vulnerability affecting all versions of the eBay API MCP Server, an open-source local MCP server that provides AI assistants with comprehensive access to eBay's Sell APIs. The issue resides in the updateEnvFile function within src/auth/oauth.ts, which is invoked by the ebay_set_user_tokens tool to update the .env file with new tokens. This function blindly appends or replaces values without validating them for newlines or quotes, enabling attackers to inject arbitrary environment variables into the configuration file.
The vulnerability has a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H), indicating network accessibility, low attack complexity, and low privileges required. An attacker with low privileges, such as an authenticated user able to invoke the ebay_set_user_tokens tool, can inject malicious environment variables. This may result in configuration overwrites, denial of service, and potential remote code execution.
Mitigation details are available in the GitHub security advisory at https://github.com/YosefHayim/ebay-mcp/security/advisories/GHSA-97rm-xj73-33jh and in a related commit at https://github.com/YosefHayim/ebay-mcp/commit/aab0bda75ea9dd27aa37d0d8524d7cf41b3c4a9a. There was no fix for this issue at the time of publication on 2026-02-21. The vulnerability is associated with CWE-15 and CWE-74.
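The write pattern described above, shown beside a hardened replacement, as an added illustration that is not code from the ebay-mcp project: the advisory says updateEnvFile appends or replaces values without checking for newlines or quotes, and the block below reproduces that pattern in a naive writer so its effect on a parsed .env file is visible, then shows a writer that refuses keys outside an allow-list and values containing line terminators, quotes, backslashes or control characters, and returns a structured error the tool can report instead of writing. The function names, the allowed key names (EBAY_ACCESS_TOKEN, EBAY_REFRESH_TOKEN), the quoting convention and the sample .env content are assumptions made for this example, not the project's identifiers or file format.

```typescript
// Added example, not code from the ebay-mcp project. Function names, allowed
// key names and the sample .env contents below are assumptions for illustration.

// Constructed sample .env content (not taken from any real deployment).
const SAMPLE_ENV = 'EBAY_CLIENT_ID=abc123\nEBAY_ACCESS_TOKEN="old-token"\n';

// Minimal .env reader: one KEY=VALUE per line, '#' comments, optional quotes.
// Used only to show how a file produced by each writer is interpreted.
function parseEnv(content: string): Record<string, string> {
  const vars: Record<string, string> = {};
  for (const raw of content.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 0) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    if (/^".*"$/.test(value) || /^'.*'$/.test(value)) value = value.slice(1, -1);
    vars[key] = value;
  }
  return vars;
}

// The pattern the advisory describes: the value is written verbatim, so a
// value containing a line break becomes one or more extra KEY=VALUE lines.
function naiveUpsertEnvVar(content: string, key: string, value: string): string {
  const re = new RegExp(`^${key}=.*$`, "m");
  if (re.test(content)) return content.replace(re, () => `${key}=${value}`);
  const sep = content === "" || content.endsWith("\n") ? "" : "\n";
  return `${content}${sep}${key}=${value}\n`;
}

// Hardened writer. Only the keys the tool exists to manage may be written
// (assumed names), and the value must be a single plain line.
const ENV_KEY_RE = /^[A-Z][A-Z0-9_]*$/;
const ALLOWED_KEYS: ReadonlySet<string> = new Set(["EBAY_ACCESS_TOKEN", "EBAY_REFRESH_TOKEN"]);

function isSafeEnvValue(value: string): boolean {
  // Line terminators would start a new assignment; quotes and backslashes
  // change how the quoted value is parsed; other control characters have no
  // place in a token. Any of them causes the write to be refused.
  return !/[\r\n\u2028\u2029"'`\\\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/.test(value);
}

function upsertEnvVar(content: string, key: string, value: string): string {
  if (!ENV_KEY_RE.test(key) || !ALLOWED_KEYS.has(key)) {
    throw new Error(`refusing to write unexpected env key ${JSON.stringify(key)}`);
  }
  if (!isSafeEnvValue(value)) {
    throw new Error(`refusing to write unsafe value for ${key}`);
  }
  const assignment = `${key}="${value}"`;
  const body = content.replace(/\r?\n$/, "");
  const lines = body === "" ? [] : body.split(/\r?\n/);
  let replaced = false;
  const out = lines.map((line) => {
    const m = /^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=/.exec(line);
    if (m && m[1] === key && !replaced) {
      replaced = true;
      return assignment;
    }
    return line;
  });
  if (!replaced) out.push(assignment);
  return out.join("\n") + "\n";
}

// Result type a tool handler can return to its caller instead of crashing.
type UpsertResult = { ok: true; content: string } | { ok: false; reason: string };

function tryUpsertEnvVar(content: string, key: string, value: string): UpsertResult {
  try {
    return { ok: true, content: upsertEnvVar(content, key, value) };
  } catch (err) {
    return { ok: false, reason: err instanceof Error ? err.message : String(err) };
  }
}
```

The key allow-list is the part most worth keeping even if the value check is later relaxed: a token-update tool has no reason to write PATH, LD_PRELOAD or any other name, so rejecting unexpected keys removes the execution-flow-hijacking path regardless of what the value contains.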
Details
- CWE(s): CWE-15 (External Control of System or Configuration Setting), CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'))
- Affected Products: eBay API MCP Server (all versions)
AI Security Analysis [AI]
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: mcp, mcp, ai