Cyber Resilience

CVE-2026-7215

Medium

Published: 28 April 2026

Published
28 April 2026
Modified
29 April 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0212 84.5th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7215 is a medium-severity Injection (CWE-74) vulnerability. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A security flaw has been discovered in egtai gmx-vmd-mcp up to version 0.1.0. The issue resides in the launch_vmd_gui_tool function within mcp_server.py of the VMD Launch Handler component, where manipulation of the structure_file or trajectory_file arguments enables command injection. The vulnerability is tracked under CWE-74 and CWE-77, carries a CVSS 4.0 score of 5.5, and permits remote attacks without requiring authentication or user interaction.

Remote attackers can supply crafted arguments to execute arbitrary commands on the affected system, resulting in limited impacts to confidentiality, integrity, and availability. A public exploit has already been released, increasing the likelihood of active abuse against unpatched instances.

The referenced GitHub repository and associated issue report indicate that maintainers were notified via an issue submission but have not issued a response or patch. No mitigation guidance or updated releases are documented in the available references.

The EPSS score remains low with negligible movement between its current value of 0.0212 and recorded peak of 0.0218, and no confirmed real-world exploitation campaigns have been reported.

EU & UK References

Vulnerability details

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component VMD Launch Handler. The manipulation of the argument structure_file/trajectory_file results in command injection. The attack…

more

may be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Remote command injection in public-facing server component (mcp_server.py) directly enables exploitation of public-facing applications (T1190) and arbitrary command execution via scripting interpreter (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7812Shared CWE-74, CWE-77
CVE-2026-7211Shared CWE-74, CWE-77
CVE-2026-2178Shared CWE-74, CWE-77
CVE-2026-7157Shared CWE-74, CWE-77
CVE-2026-6980Shared CWE-74, CWE-77
CVE-2026-7316Shared CWE-74, CWE-77
CVE-2025-15131Shared CWE-74, CWE-77
CVE-2026-30616Shared CWE-77
CVE-2026-1687Shared CWE-74, CWE-77
CVE-2026-1414Shared CWE-74, CWE-77

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates command injection by validating and sanitizing the structure_file and trajectory_file arguments in launch_vmd_gui_tool to prevent malicious command execution.

prevent

Requires timely identification, reporting, and remediation of the known command injection flaw in egtai gmx-vmd-mcp up to version 0.1.0 once patches become available.

prevent

Enforces least privilege on the mcp_server.py process to limit the scope and impact of any successfully injected commands.

References