Cyber Resilience

CVE-2026-7443

Severity: Medium
Published: 29 April 2026
Modified: 30 April 2026
KEV Added: not listed
Patch: none available
CVSS v4 score: 5.5 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0171 (82.8th percentile)
Risk Priority: 12 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-7443 is a medium-severity command injection vulnerability (CWE-77, with CWE-78 OS command injection also assigned) with a CVSS v4 base score of 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it in the top 17.2% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The vulnerability is AI-related: it is categorised under AI Agent Protocols and Integrations, in the Supply Chain and Deployment risk domain, because the affected component is an MCP (Model Context Protocol) server.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation); AC-6 (Least Privilege) bounds the impact of a successful injection.

Deeper analysis

A weakness has been identified in BurtTheCoder mcp-dnstwist up to and including version 1.0.4, in the fuzz_domain function of src/index.ts within the MCP Interface component. The argument the advisory labels Request is not neutralized before it reaches an operating-system command, an OS command injection classified under CWE-77 and CWE-78. The vulnerability is exploitable over the network and carries a CVSS 4.0 score of 5.5. The vector rates confidentiality, integrity and availability impact as Low, but the practical impact of executing commands is bounded only by the privileges and network reach of the process hosting the MCP server, so the score understates the risk where that process is not sandboxed.

An unauthenticated attacker who can reach the MCP interface over the network can trigger the flaw by supplying a crafted Request value to the affected function; successful exploitation executes operating-system commands on the host running the server. In an agent deployment the crafted value need not come from a direct client: an LLM steered by prompt injection into calling fuzz_domain with attacker-chosen input may reach the same code path. Public exploit code has already been released, and the maintainers were notified through an issue report but have not responded or issued a fix.

The referenced GitHub repository, issue tracker, and VulDB entries document the disclosure but give no patch, workaround, or mitigation steps. The EPSS score remains low in absolute terms at 0.0171, with a peak of 0.0176.
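The weakness class described above, as an added illustration that is not code from the mcp-dnstwist project: a hypothetical fuzzDomainHandler in TypeScript that first shows the vulnerable pattern (tool input interpolated into a shell string) and then the hardened form (allow-list validation of the domain, then an argv array passed to execFile so that no shell ever parses the value). The real fuzz_domain signature and the exact dnstwist command line are not given on the page and are assumed here; the payload strings are constructed for the demonstration.

```typescript
// Added example, not the mcp-dnstwist project's own code. The handler name,
// the dnstwist flags and the payloads below are assumptions for illustration.
import { execFile } from "node:child_process";
import { promisify } from "node:util";

const execFileAsync = promisify(execFile);

// --- Vulnerable pattern: untrusted tool input interpolated into a shell string.
// Whatever the model (or whoever drives the model) puts in `domain` is parsed by
// /bin/sh, so metacharacters such as ';', '|' and '$(...)' become extra commands.
function buildShellCommandVulnerable(domain: string): string {
  return `dnstwist --format json ${domain}`;
}

// --- Hardened pattern, step 1: allow-list validation (NIST SI-10).
// A registrable domain is labels of [A-Za-z0-9-], 1..63 chars each, not
// starting or ending with '-', joined by '.', at most 253 chars in total.
// Because a label cannot start with '-', the value can never be read as a flag.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i;

function isValidDomain(input: string): boolean {
  if (input.length === 0 || input.length > 253) return false;
  const labels = input.split(".");
  if (labels.length < 2) return false; // require at least "name.tld"
  return labels.every((label) => LABEL.test(label));
}

// --- Hardened pattern, step 2: argv array, never a shell string.
// execFile() with an argument array starts the binary directly; no shell is
// involved, so shell metacharacters in `domain` have no special meaning.
function buildArgvHardened(domain: string): string[] {
  if (!isValidDomain(domain)) {
    throw new Error(`rejected domain argument: ${JSON.stringify(domain)}`);
  }
  return ["--format", "json", domain];
}

// Hypothetical tool handler; the MCP transport and tool registration are omitted.
// Timeout and output cap limit what a slow or noisy scan can do to the server.
async function fuzzDomainHandler(domain: string): Promise<string> {
  const args = buildArgvHardened(domain);
  const { stdout } = await execFileAsync("dnstwist", args, {
    timeout: 60_000,
    maxBuffer: 8 * 1024 * 1024,
  });
  return stdout;
}

// Constructed payloads (not taken from the advisory) showing both behaviours.
const BENIGN = "example.com";
const PAYLOAD = "example.com; id > /tmp/pwned";

function demo(): { vulnerable: string; hardenedRejects: boolean } {
  let hardenedRejects = false;
  try {
    buildArgvHardened(PAYLOAD);
  } catch {
    hardenedRejects = true;
  }
  // The vulnerable builder happily yields "dnstwist --format json example.com; id > /tmp/pwned"
  return { vulnerable: buildShellCommandVulnerable(PAYLOAD), hardenedRejects };
}
```

The hardened path still runs dnstwist under the server's own user, so AC-6 controls (an unprivileged account, a container, restricted filesystem and egress) remain necessary; validation removes the injection but does not replace least privilege.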


Vulnerability details

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to OS command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

AI Security Analysis

AI Category: AI Agent Protocols and Integrations
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: none mapped
Classification Reason: matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

OS command injection in a remotely accessible, unauthenticated public-facing application directly enables T1190 for initial access and facilitates T1059 for arbitrary command execution on the host.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7064 (shared CWE-77, CWE-78)
CVE-2026-6130 (shared CWE-77, CWE-78)
CVE-2025-9262 (shared CWE-77, CWE-78)
CVE-2026-7593 (shared CWE-77, CWE-78)
CVE-2026-7785 (shared CWE-77, CWE-78)
CVE-2026-5802 (shared CWE-77, CWE-78)
CVE-2025-11285 (shared CWE-77, CWE-78)
CVE-2026-6942 (shared CWE-78)
CVE-2025-59736 (shared CWE-77, CWE-78)
CVE-2025-44015 (shared CWE-77, CWE-78)


Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): requires validation of information at entry points, directly preventing OS command injection through the manipulated Request argument of fuzz_domain. For a command wrapper this means allow-listing the domain syntax and passing the value as a discrete process argument rather than through a shell string.

SI-2 Flaw Remediation (detect, recover): mandates monitoring, prioritization, and timely remediation of identified flaws such as CVE-2026-7443. Since no fix is available for versions up to 1.0.4, remediation in practice means disabling the component or replacing it until a patched release exists.

AC-6 Least Privilege (prevent): enforces least privilege on the process hosting the vulnerable MCP Interface, limiting the scope and impact of injected OS commands. Running the server as an unprivileged user in a container with only the filesystem and network access dnstwist needs bounds what a successful injection can do.
