Cyber Resilience

CVE-2026-6494

Medium

Published: 17 April 2026

Published
17 April 2026
Modified
17 April 2026
KEV Added
Patch
CVSS Score v3.1 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score 0.0031 23.1th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-6494 is a medium-severity Improper Output Neutralization for Logs (CWE-117) vulnerability. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Impersonation (T1684.001); ranked at the 23.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing…

more

the attacker to inject control characters such as newlines and ANSI escape sequences. This enables the attacker to obscure legitimate log entries and insert forged ones, which could facilitate social engineering attacks, potentially leading to an operator executing dangerous commands or visiting malicious URLs.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1684.001 Impersonation Stealth
Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.
T1684 Social Engineering Stealth
Adversaries may use social engineering techniques to influence users to take actions that result in unauthorized access, approval of changes, disclosure of sensitive information, or execution of adversary-supplied instructions (i.
Why these techniques?

Log injection enables forged entries to deceive operators, directly facilitating impersonation and social engineering tactics.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

Affected Assets

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-117

Policy and procedures require sanitization and neutralization when generating audit logs to avoid injection issues.

addresses: CWE-117

Requiring output to conform to expected content prevents unneutralized data from reaching logs.

References