CVE-2026-7443
Published: 29 April 2026
Summary
CVE-2026-7443 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 17.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires information input validation at entry points, directly preventing OS command injection via manipulated Request arguments in the fuzz_domain function.
SI-2 mandates monitoring, prioritization, and timely remediation of identified flaws like CVE-2026-7443, enabling patch application or component replacement.
AC-6 enforces least privilege on processes handling the vulnerable MCP Interface, limiting the scope and impact of injected OS commands.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in a remotely accessible, unauthenticated public-facing application directly enables T1190 for initial access and facilitates T1059 for arbitrary command execution on the host.
NVD Description
A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command…
more
injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-7443 is an OS command injection vulnerability affecting BurtTheCoder's mcp-dnstwist software up to version 1.0.4. The issue resides in the fuzz_domain function within the src/index.ts file of the MCP Interface component. By manipulating the Request argument, an attacker can inject arbitrary operating system commands, as classified under CWE-77 (Command Injection) and CWE-78 (OS Command Injection). The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites.
The vulnerability is exploitable remotely by unauthenticated attackers with network access, requiring low complexity and no user interaction. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling command execution on the host system running the affected software. A public exploit is available, increasing the risk of immediate attacks.
No patches or official mitigations have been released, as the project was notified via an issue report but has not responded. Security practitioners should monitor the project's GitHub repository (https://github.com/BurtTheCoder/mcp-dnstwist/) and related issues (e.g., https://github.com/BurtTheCoder/mcp-dnstwist/issues/13) for updates, and consider avoiding or isolating the software until remediation.
A proof-of-concept exploit has been disclosed publicly (e.g., https://github.com/BruceJqs/public_exp/issues/22), but no evidence of active real-world exploitation is reported as of the CVE publication on 2026-04-29.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp, mcp