Cyber Resilience

CVE-2026-7590

Medium

Published: 01 May 2026
Modified: 01 May 2026
CVSS Score (v4): 5.5 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0212 (84.5th percentile)
Risk Priority: 12 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-7590 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.5% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

A vulnerability identified as CVE-2026-7590 affects the Preview Endpoint component in the eyal-gor p_69_branch_monkey_mcp project up to commit 69bc71874ce40050ef45fde5a435855f18af3373. Specifically, an unknown function in branch_monkey_mcp/bridge_and_local_actions/routes/advanced.py allows OS command injection through manipulation of the dev_script argument, corresponding to CWE-77 and CWE-78. The product does not use versioning, so affected release details are unavailable, and the project received early notification via an issue report without subsequent response.

Remote attackers can exploit the flaw without requiring authentication or user interaction, enabling execution of arbitrary operating system commands with limited impact on confidentiality, integrity, and availability as reflected in the CVSS 5.5 score. A publicly available exploit increases the practical risk for any deployments of this component.

The listed references point to the project's GitHub repository, an associated issue tracker entry, and VulDB records, but contain no details on official patches or mitigations. The EPSS score remains low, with negligible movement between its current value of 0.0212 and its peak of 0.0218.


Vulnerability details

A vulnerability was identified in eyal-gor p_69_branch_monkey_mcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branch_monkey_mcp/bridge_and_local_actions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument dev_script leads to OS command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

OS command injection in the public-facing Preview Endpoint enables remote arbitrary command execution. This maps directly to T1190 (initial access by exploiting a public-facing application) and to T1059 (execution through a command interpreter).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-59736: shared CWE-77, CWE-78
CVE-2025-44015: shared CWE-77, CWE-78
CVE-2025-59740: shared CWE-77, CWE-78
CVE-2026-4585: shared CWE-77, CWE-78
CVE-2026-7698: shared CWE-77, CWE-78
CVE-2026-1544: shared CWE-77, CWE-78
CVE-2025-1536: shared CWE-77, CWE-78
CVE-2025-15501: shared CWE-77, CWE-78
CVE-2026-9452: shared CWE-77, CWE-78
CVE-2026-4170: shared CWE-77, CWE-78


Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly prevents OS command injection by requiring validation and sanitization of untrusted inputs like the dev_script argument at application entry points.

prevent

Ensures timely remediation of known software flaws such as this command injection vulnerability through identification, reporting, and patching.

detect

Vulnerability scanning identifies command injection flaws in the Preview Endpoint component, enabling proactive mitigation before exploitation.
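The input-validation control above (SI-10) is the one a maintainer can apply in code. The following is an added illustration, not code from the p_69_branch_monkey_mcp project and not a description of how its advanced.py handles dev_script, of what validating a script-name parameter at the entry point looks like. The SCRIPT_ROOT directory, the name pattern and the function names are assumptions constructed for this example; the point is that a strict allowlist on the name, a containment check on the resolved path, and execution via an argv list with shell=False each independently remove the path by which a crafted dev_script value could reach a shell.

```python
"""Added example (not the project's code): validating a dev_script-style
parameter before it reaches the operating system, per NIST 800-53 SI-10.

Assumptions, constructed for this illustration: the endpoint accepts the
bare file name of a developer script that must live under SCRIPT_ROOT, and
it launches that script with no shell interpolation. SCRIPT_ROOT, the name
pattern and the function names below are hypothetical.
"""
import re
import subprocess
from pathlib import Path

# Hypothetical directory holding the only scripts the endpoint may launch.
SCRIPT_ROOT = Path("/opt/app/dev_scripts")

# Allowlist for the name: starts with a letter or digit, then up to 63
# characters of letters, digits, underscore, dot or hyphen, ending in ".sh".
# No path separators, no whitespace, no shell metacharacters, no leading dot.
_SCRIPT_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}\.sh$")


class InvalidScriptName(ValueError):
    """Raised when the supplied dev_script fails input validation."""


def validate_dev_script(dev_script: str, root: Path = SCRIPT_ROOT) -> Path:
    """Return the resolved path of an allowed script, or raise.

    Two independent checks: a strict syntactic allowlist on the name, then a
    containment check on the resolved path so that symlinks or '..' segments
    cannot point outside the script directory.
    """
    if not isinstance(dev_script, str) or not _SCRIPT_NAME.fullmatch(dev_script):
        raise InvalidScriptName("dev_script must be a plain <name>.sh file name")
    root_resolved = root.resolve()
    candidate = (root_resolved / dev_script).resolve()
    if candidate.parent != root_resolved:
        raise InvalidScriptName("dev_script resolves outside the script directory")
    return candidate


def is_valid_dev_script(dev_script: str, root: Path = SCRIPT_ROOT) -> bool:
    """Boolean form of validate_dev_script, convenient for request filters."""
    try:
        validate_dev_script(dev_script, root)
    except InvalidScriptName:
        return False
    return True


def run_dev_script(dev_script: str, root: Path = SCRIPT_ROOT, timeout: int = 60):
    """Validate, then execute with an argv list (shell=False).

    With an argv list the validated path is a single argument handed straight
    to the interpreter; characters such as ';' or '$(' would carry no meaning
    even if the allowlist were somehow bypassed. Returns the CompletedProcess
    so the caller decides what to render.
    """
    script = validate_dev_script(dev_script, root)
    return subprocess.run(
        ["/bin/sh", str(script)],
        shell=False,
        capture_output=True,
        text=True,
        timeout=timeout,
        check=False,
    )
```

A request handler would call run_dev_script(request_param) and translate InvalidScriptName into a 400 response; the validation error message deliberately does not echo the rejected value, so the endpoint does not become a reflection point for whatever was submitted.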
