CVE-2026-7416
Published: 29 April 2026
Summary
CVE-2026-7416 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 38.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents OS command injection by requiring validation and sanitization of the Request argument in the build_project/run_tests functions of the MCP Interface.
Requires timely identification, reporting, and correction of the unpatched flaw in PolarVista xcode-mcp-server version 1.0.0.
Enables vulnerability scanning to identify CVE-2026-7416 in the affected component, facilitating proactive remediation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in public-facing server component enables remote unauth exploitation of the application (T1190) and arbitrary command execution via Unix shell (T1059.004).
NVD Description
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely.…
more
The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-7416 is an OS command injection vulnerability in PolarVista xcode-mcp-server version 1.0.0. The issue resides in the build_project/run_tests functions within the src/index.ts file of the MCP Interface component, where manipulation of the Request argument enables command injection. Associated with CWE-77 and CWE-78, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-04-29.
The vulnerability allows remote exploitation without authentication or user interaction, enabling attackers to inject and execute arbitrary operating system commands. Successful exploitation could result in limited impacts to confidentiality, integrity, and availability, such as unauthorized data access, modification, or service disruption on the affected server.
References indicate no patches or official responses from the project maintainers despite early notification via GitHub issue #4 in the PolarVista/Xcode-mcp-server repository. A public exploit is available in a separate GitHub issue at BruceJqs/public_exp #19, with additional details documented on VulDB entries 360145 and submission 803974.
Notable context includes the public availability of the exploit, increasing the risk of immediate abuse, while the project's lack of response leaves users without mitigation guidance.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp, mcp