CVE-2026-7220
Published: 28 April 2026
Summary
CVE-2026-7220 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability identified as CVE-2026-7220 affects the jackwrichards FastlyMCP project up to commit 6f3d0b0e654fc51076badc7fa16c03c461f95620. It resides in an unknown function within the fastly-mcp.mjs file of the fastly_cli Tool component, where manipulation of the command argument enables OS command injection. The issue stems from improper handling of user-supplied input and is classified under CWE-77 and CWE-78. The product follows a rolling release model, so no specific version numbers are provided for affected or fixed releases.
Remote attackers can exploit the flaw without requiring authentication or user interaction, allowing them to execute arbitrary operating system commands. Successful exploitation yields limited impacts on confidentiality, integrity, and availability according to the CVSS 5.5 rating, with public exploit code already disclosed that may be leveraged in attacks.
The referenced GitHub repository and associated issue report indicate that maintainers were notified early via an issue submission, yet no response or patch has been issued. No mitigation guidance or updated releases are documented in the available references.
EPSS scores remain low, with a current value of 0.0212 and a peak of 0.0218, showing no material increase that would indicate rising exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-25977
Vulnerability details
A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool. The manipulation of the argument command leads to os command injection. It is possible to…
more
initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in a remotely accessible component allows arbitrary OS command execution with no auth or user interaction, directly enabling T1190 (Exploit Public-Facing Application) and T1059.004 (Unix Shell) for command interpreter abuse.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely identification, reporting, and correction of the specific OS command injection flaw in the fastly_cli tool up to the affected commit.
Mandates input validation and error handling for the 'command' argument at system entry points to detect and prevent OS command injection attacks.
Enforces least privilege on the process handling the vulnerable fastly-mcp.mjs function, limiting the scope and impact of any successfully injected OS commands.