CVE-2026-7446
Published: 30 April 2026
Summary
CVE-2026-7446 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 17.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
A vulnerability was detected in VetCoders mcp-server-semgrep version 1.0.0 within the MCP Interface component. The issue resides in the functions analyze_results, filter_results, export_results, compare_results, scan_directory, and create_rule in the file src/index.ts, where manipulation of the ID argument enables OS command injection. The flaw is tracked under CWE-77 and CWE-78 and carries a CVSS 4.0 score of 5.5.
The attack can be executed remotely by an unauthenticated adversary who supplies a crafted ID value, resulting in arbitrary operating system command execution on the affected system. Public exploit code for the issue is already available.
The project maintainers have addressed the vulnerability in release 1.0.1. The fix is contained in commit 141335da044e53c3f5b315e0386e01238405b771, and upgrading the affected component to this version is the recommended mitigation. The EPSS score has remained essentially flat between a current value of 0.0174 and a peak of 0.0179.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26302
Vulnerability details
A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command injection. The attack can be executed remotely. The…
more
exploit is now public and may be used. Upgrading to version 1.0.1 is able to mitigate this issue. The patch is identified as 141335da044e53c3f5b315e0386e01238405b771. It is advisable to upgrade the affected component.
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in public-facing server component (MCP interface) enables remote unauthenticated exploitation of the application (T1190) and arbitrary command execution via Unix shell (T1059.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the OS command injection vulnerability by requiring timely identification, reporting, and application of patches such as the upgrade to mcp-server-semgrep version 1.0.1.
Requires validation of information inputs like the manipulable 'ID' argument to block OS command injection in affected functions such as analyze_results and scan_directory.
Enables detection of this specific CVE through vulnerability scanning of the mcp-server-semgrep component, facilitating timely remediation.