CVE-2026-7066
Published: 27 April 2026
Summary
CVE-2026-7066 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of untrusted inputs to the exec_openstack function in server.py to prevent OS command injection.
Ensures timely remediation of the known flaw up to commit 767b2f4a8154cca344344b9725537a58399e6036 through patching or code correction.
Restricts the format, length, and types of remotely submitted inputs to block common command injection payloads.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in remotely accessible server.py endpoint enables T1190 (Exploit Public-Facing Application) for initial remote access and T1059.004 (Unix Shell) for arbitrary OS command execution.
NVD Description
A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been…
more
made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-7066 is an OS command injection vulnerability (CWE-77, CWE-78) in the choieastsea/simple-openstack-mcp project up to commit 767b2f4a8154cca344344b9725537a58399e6036. The issue affects the exec_openstack function within the server.py file, where untrusted input can lead to arbitrary command execution on the underlying operating system.
The vulnerability is exploitable remotely over the network with low complexity and no required privileges or user interaction (CVSSv3.1 base score of 7.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Attackers can send crafted input to the affected endpoint, resulting in limited impacts to confidentiality, integrity, and availability, such as reading limited files, modifying configuration, or disrupting service.
References indicate the project uses a rolling release model, so specific affected or patched versions are unavailable. The issue was reported early via GitHub issue #3, but the maintainers have not responded. An exploit is publicly available, and further details are documented on VulDB entries linked from the advisory.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp