Cyber Resilience

CVE-2026-6130

Medium

Published: 12 April 2026

Published
12 April 2026
Modified
24 April 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0171 82.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-6130 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 17.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

A flaw has been identified in chatboxai chatbox up to version 1.20.0 in the StdioClientTransport function of src/main/mcp/ipc-stdio-transport.ts within the Model Context Protocol Server Management System component. Improper handling of the args and env arguments permits operating system command injection, tracked as CWE-77 and CWE-78, with a CVSS 4.0 score of 6.9 reflecting a remote, low-complexity attack that requires no privileges or user interaction.

An unauthenticated remote attacker can supply crafted values to the affected arguments and achieve command execution on the underlying operating system. Public exploit code has already been released and may be used against unpatched instances.

The issue was disclosed early through a GitHub issue report in the project repository, but the maintainers have not responded. No official patches or mitigation guidance are referenced in the available advisories.

EPSS scores remain low and essentially flat at a current value of 0.0171 with a peak of 0.0176.

EU & UK References

Vulnerability details

A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os…

more

command injection. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp, model context protocol

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Remote OS command injection in network-accessible application directly enables T1190 (Exploit Public-Facing Application) for unauthenticated exploitation and T1059 (Command and Scripting Interpreter) for arbitrary command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7064Shared CWE-77, CWE-78
CVE-2025-9262Shared CWE-77, CWE-78
CVE-2026-7593Shared CWE-77, CWE-78
CVE-2026-7443Shared CWE-77, CWE-78
CVE-2026-7785Shared CWE-77, CWE-78
CVE-2026-5802Shared CWE-77, CWE-78
CVE-2025-11285Shared CWE-77, CWE-78
CVE-2026-6942Shared CWE-78
CVE-2025-59736Shared CWE-77, CWE-78
CVE-2025-44015Shared CWE-77, CWE-78

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Directly mandates identification, reporting, and correction of flaws like the OS command injection in CVE-2026-6130, including applying patches or workarounds when available.

detect

Requires vulnerability scanning that detects the command injection vulnerability in chatboxai chatbox, enabling timely remediation.

prevent

Enforces validation of manipulated inputs such as args/env passed to the StdioClientTransport function to block command injection payloads.

References