CVE-2026-7443
Published: 29 April 2026
Summary
CVE-2026-7443 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 17.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A weakness has been identified in BurtTheCoder mcp-dnstwist up to version 1.0.4, specifically in the fuzz_domain function of the src/index.ts file within the MCP Interface component. The issue stems from improper handling of the Request argument, enabling OS command injection as classified under CWE-77 and CWE-78. The vulnerability is remotely exploitable, with a CVSS 4.0 score of 5.5 reflecting limited impacts to confidentiality, integrity, and availability when successfully triggered.
An unauthenticated attacker can launch the attack over the network by supplying a crafted Request value to the affected function. Successful exploitation grants the ability to execute operating system commands on the target system. Public exploit code has already been released, and the maintainers were notified via an issue report but have not issued a response or fix.
The referenced GitHub repository, issue tracker, and VulDB entries document the disclosure but contain no details on available patches, workarounds, or mitigation steps. The associated EPSS score remains low at 0.0171, with a peak of only 0.0176.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26300
Vulnerability details
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
- CWE(s): CWE-77, CWE-78
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: mcp
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection in a remotely accessible, unauthenticated public-facing application directly enables T1190 for initial access and facilitates T1059 for arbitrary command execution on the host.
Mitigating Controls (NIST 800-53 r5)
SI-10 requires information input validation at entry points, directly preventing OS command injection via manipulated Request arguments in the fuzz_domain function.
SI-2 mandates monitoring, prioritization, and timely remediation of identified flaws like CVE-2026-7443, enabling patch application or component replacement.
AC-6 enforces least privilege on processes handling the vulnerable MCP Interface, limiting the scope and impact of injected OS commands.
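The following is an added illustration of the weakness class described under "Deeper analysis" and of the SI-10 control above: an MCP tool handler that interpolates a caller-supplied domain into a shell command line, beside a hardened version that validates the value as a hostname and invokes the external tool without a shell. This is constructed example code, not the contents of mcp-dnstwist's src/index.ts, and the function names (fuzzDomainUnsafe, fuzzDomainSafe, isSafeDomain, buildDnstwistArgv) and the exact dnstwist command line are assumptions.

```typescript
// Added example (not project code): CWE-78 pattern in an MCP tool handler and its
// hardened form. Function names and the dnstwist invocation are assumptions.
import { exec, execFile } from "node:child_process";
import { promisify } from "node:util";

const execAsync = promisify(exec);
const execFileAsync = promisify(execFile);

// --- Vulnerable pattern (for comparison only) -----------------------------
// The tool argument is spliced into a shell command string. Any shell
// metacharacter in `domain` (";", "|", "$(...)", backticks) changes what the
// shell executes: this is the OS command injection the advisory describes.
export async function fuzzDomainUnsafe(domain: string): Promise<string> {
  const { stdout } = await execAsync(`dnstwist --format json ${domain}`);
  return stdout;
}

// --- Hardened pattern ------------------------------------------------------
// Input validation at the entry point (NIST SI-10): accept only syntactically
// valid hostnames. Each label is 1-63 letters, digits or hyphens, not starting
// or ending with a hyphen; the whole name is at most 253 characters and has at
// least two labels. Rejecting everything else also rules out values beginning
// with "-" that a CLI could otherwise parse as an option.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i;

export function isSafeDomain(input: string): boolean {
  if (typeof input !== "string" || input.length === 0 || input.length > 253) {
    return false;
  }
  const labels = input.split(".");
  return labels.length >= 2 && labels.every((label) => LABEL.test(label));
}

// Build the argument vector for the external tool without involving a shell.
// Kept separate from execution so the result can be inspected and tested.
export function buildDnstwistArgv(domain: string): { file: string; args: string[] } {
  if (!isSafeDomain(domain)) {
    throw new Error("invalid domain: only hostnames are accepted");
  }
  // "--" ends option parsing, so a validated value is never read as a flag.
  return { file: "dnstwist", args: ["--format", "json", "--", domain] };
}

export async function fuzzDomainSafe(domain: string): Promise<string> {
  const { file, args } = buildDnstwistArgv(domain);
  // execFile hands `args` to the process as a vector; no shell interprets them.
  const { stdout } = await execFileAsync(file, args, {
    timeout: 60_000,
    maxBuffer: 8 * 1024 * 1024,
  });
  return stdout;
}
```

The validator is an allowlist rather than a denylist of shell metacharacters: a hostname grammar is small and well defined, so anything outside it is rejected without having to enumerate dangerous characters. Switching from exec to execFile removes the shell from the path entirely, and the `--` separator plus the leading-hyphen rule closes the separate argument-injection case where a value would be consumed as a tool option. Running the handler under a dedicated low-privilege account (AC-6) bounds what a future bypass of the validator could reach.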