CVE-2026-7220
Published: 28 April 2026
Summary
CVE-2026-7220 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely identification, reporting, and correction of the specific OS command injection flaw in the fastly_cli tool up to the affected commit.
Mandates input validation and error handling for the 'command' argument at system entry points to detect and prevent OS command injection attacks.
Enforces least privilege on the process handling the vulnerable fastly-mcp.mjs function, limiting the scope and impact of any successfully injected OS commands.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in a remotely accessible component allows arbitrary OS command execution with no auth or user interaction, directly enabling T1190 (Exploit Public-Facing Application) and T1059.004 (Unix Shell) for command interpreter abuse.
NVD Description
A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool. The manipulation of the argument command leads to os command injection. It is possible to…
more
initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-7220 is an OS command injection vulnerability in the jackwrichards FastlyMCP project, affecting an unknown function in the fastly-mcp.mjs file of the fastly_cli tool up to commit 6f3d0b0e654fc51076badc7fa16c03c461f95620. The flaw stems from manipulation of the 'command' argument, allowing injection of arbitrary operating system commands. It is remotely exploitable and associated with CWE-77 and CWE-78.
Attackers require no privileges or user interaction, with low attack complexity over the network, enabling remote exploitation to achieve limited impacts on confidentiality, integrity, and availability (CVSS v3.1 base score of 7.3: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation allows arbitrary OS command execution on the affected system.
The project employs a rolling release model, providing no specific details on affected or patched versions. It was informed early via GitHub issue #3 but has not responded. The exploit has been publicly disclosed and may be used; mitigation guidance is limited, with further details available in VulDB advisories and the project repository at https://github.com/jackwrichards/FastlyMCP/.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp