CVE-2026-7215
Published: 28 April 2026
Summary
CVE-2026-7215 is a high-severity Injection (CWE-74) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates command injection by validating and sanitizing the structure_file and trajectory_file arguments in launch_vmd_gui_tool to prevent malicious command execution.
Requires timely identification, reporting, and remediation of the known command injection flaw in egtai gmx-vmd-mcp up to version 0.1.0 once patches become available.
Enforces least privilege on the mcp_server.py process to limit the scope and impact of any successfully injected commands.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote command injection in public-facing server component (mcp_server.py) directly enables exploitation of public-facing applications (T1190) and arbitrary command execution via scripting interpreter (T1059).
NVD Description
A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component VMD Launch Handler. The manipulation of the argument structure_file/trajectory_file results in command injection. The attack…
more
may be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-7215 is a command injection vulnerability in the egtai gmx-vmd-mcp project, affecting versions up to 0.1.0. The flaw resides in the launch_vmd_gui_tool function within the mcp_server.py file of the VMD Launch Handler component. It arises from improper handling of the structure_file or trajectory_file arguments, allowing malicious input to inject commands.
The vulnerability can be exploited remotely by unauthenticated attackers with low complexity, requiring no privileges or user interaction, as indicated by its CVSS 3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation enables limited impacts on confidentiality, integrity, and availability, potentially allowing attackers to execute arbitrary commands on the affected system.
Advisories from VulDB and the project's GitHub repository detail the issue, with an early issue report submitted via https://github.com/egtai/gmx-vmd-mcp/issues/2, but the maintainers have not yet responded or issued patches. No mitigations or fixes are currently available.
An exploit for this vulnerability has been publicly released, increasing the risk of active attacks against unpatched instances.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp