CVE-2026-7064
Published: 26 April 2026
Summary
CVE-2026-7064 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 33.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SC-2 (Separation of System and User Functionality) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates OS command injection in browser-connector.ts by requiring validation and sanitization of untrusted remote inputs before processing.
Prevents user inputs from being interpreted as system commands, addressing the core separation failure exploited in this command injection vulnerability.
Ensures timely remediation of the specific flaw in AgentDeskAI browser-tools-mcp up to 1.2.0 through patching or equivalent measures.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in network-accessible component enables remote exploitation of public-facing application (T1190) and arbitrary command execution via interpreters (T1059).
NVD Description
A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has…
more
been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-7064 is an OS command injection vulnerability (CWE-77, CWE-78) in AgentDeskAI browser-tools-mcp versions up to 1.2.0. The flaw resides in the processing of the file browser-tools-server/browser-connector.ts, where a manipulation allows arbitrary OS command execution. The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and low complexity.
Remote attackers require no privileges or user interaction to exploit this issue over the network. Successful exploitation enables limited impacts on confidentiality, integrity, and availability, potentially allowing command execution on the affected system through crafted inputs to the vulnerable component.
Advisories from VulDB detail the issue, noting that an exploit has been published and is available for use. The project was notified early via GitHub issue #232 but has not responded or issued patches as of the CVE publication on 2026-04-26. Practitioners should monitor the repository at https://github.com/AgentDeskAI/browser-tools-mcp/ for updates and consider isolating or upgrading affected instances.
Notable context includes the public availability of the exploit, increasing the risk of active exploitation, with no confirmed patches or vendor response to date.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp