CVE-2026-31040
Published: 08 April 2026
Summary
CVE-2026-31040 is a critical-severity Code Injection (CWE-94) vulnerability in Statamcp Stata-Mcp. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 42.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-31040 is a critical vulnerability in the stata-mcp software prior to version 1.13.0, stemming from insufficient validation of user-supplied Stata do-file content that enables command execution. Published on 2026-04-08, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-94 (Code Injection).
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation grants high-impact confidentiality, integrity, and availability compromises, including arbitrary command execution on affected systems.
Mitigation is available via the stata-mcp GitHub repository, where version 1.13.0 incorporates the fix through commit 52413ce and pull request 21, as detailed in issue 20. Security practitioners should prioritize updating to v1.13.0 or later to address the vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-20475
Vulnerability details
A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution.
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: mcp
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote code injection vulnerability in public-facing software (stata-mcp) enables exploitation of public-facing applications (T1190) leading to arbitrary command execution (T1059).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): Directly requires validation of user-supplied inputs such as Stata do-file content to prevent code injection and arbitrary command execution.
SI-2 (Flaw Remediation): Mandates identification, reporting, and correction of flaws like insufficient do-file validation by patching to v1.13.0 or later.
Monitors systems for attacks and indicators of potential attacks, including anomalous command execution from do-file exploitation.