CVE-2026-6130
Published: 12 April 2026
Summary
CVE-2026-6130 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 17.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates identification, reporting, and correction of flaws like the OS command injection in CVE-2026-6130, including applying patches or workarounds when available.
Requires vulnerability scanning that detects the command injection vulnerability in chatboxai chatbox, enabling timely remediation.
Enforces validation of manipulated inputs such as args/env passed to the StdioClientTransport function to block command injection payloads.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote OS command injection in network-accessible application directly enables T1190 (Exploit Public-Facing Application) for unauthenticated exploitation and T1059 (Command and Scripting Interpreter) for arbitrary command execution.
NVD Description
A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os…
more
command injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-6130 is an OS command injection vulnerability in chatboxai chatbox versions up to 1.20.0. The flaw affects the StdioClientTransport function in the file src/main/mcp/ipc-stdio-transport.ts within the Model Context Protocol Server Management System component. It arises from improper handling that allows manipulation of the args/env arguments, enabling arbitrary command execution.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low attack complexity. Successful exploitation grants low-level impacts on confidentiality, integrity, and availability, as scored at CVSS 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and mapped to CWE-77 and CWE-78.
Advisories from VulDB and GitHub issue #3627 indicate no patches or responses from the project despite early notification. An exploit has been published and may be actively used, with details referenced in the GitHub repository, specific issue threads, and VulDB entries.
This vulnerability carries notable context in AI/ML-adjacent software, as chatboxai involves model context protocols, and real-world exploitation is possible given the public proof-of-concept.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp, model context protocol