CVE-2026-7066
Published: 27 April 2026
Summary
CVE-2026-7066 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability identified as CVE-2026-7066 affects the choieastsea simple-openstack-mcp project up to commit 767b2f4a8154cca344344b9725537a58399e6036. The issue resides in the exec_openstack function within server.py, where improper handling of input enables OS command injection, corresponding to CWE-77 and CWE-78. The product follows a rolling-release model, so no specific version numbers distinguish affected or fixed releases.
The flaw can be exploited remotely by unauthenticated attackers who supply crafted input to trigger arbitrary operating-system commands. A public exploit is already available, and the CVSS 4.0 score of 5.5 reflects limited impacts to confidentiality, integrity, and availability without requiring user interaction or privileges.
The project was notified of the problem through an issue report but has not issued a response or patch. Reference materials, including the GitHub repository and associated Vuldb entries, contain no mitigation guidance or updated code. The associated EPSS score has remained essentially flat between 0.0212 and a peak of 0.0218, indicating no notable increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-25736
Vulnerability details
A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been…
more
made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in remotely accessible server.py endpoint enables T1190 (Exploit Public-Facing Application) for initial remote access and T1059.004 (Unix Shell) for arbitrary OS command execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of untrusted inputs to the exec_openstack function in server.py to prevent OS command injection.
Ensures timely remediation of the known flaw up to commit 767b2f4a8154cca344344b9725537a58399e6036 through patching or code correction.
Restricts the format, length, and types of remotely submitted inputs to block common command injection payloads.