CVE-2026-7593
Published: 01 May 2026
Summary
CVE-2026-7593 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents OS command injection by requiring validation and sanitization of inputs to the vulnerable execute_command function.
Remediates the specific flaw in the execute_command function through identification, reporting, and timely patching.
Limits damage from injected commands by enforcing least privilege on the command-executor server process.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in a network-accessible server directly enables remote exploitation of public-facing applications (T1190) and arbitrary command execution via the OS command interpreter (T1059).
NVD Description
A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible.…
more
The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-7593 is an OS command injection vulnerability in the Sunwood-ai-labs command-executor-mcp-server up to version 0.1.0. The flaw affects the execute_command function in the src/index.ts file of the MCP Interface component, stemming from CWE-77 and CWE-78. It was published on 2026-05-01 and carries a CVSS 3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
Remote attackers can exploit this vulnerability over the network without authentication or user interaction. By manipulating inputs to the execute_command function, adversaries can inject and execute arbitrary operating system commands on the affected server, achieving limited impacts to confidentiality, integrity, and availability.
References indicate the project was informed early via GitHub issue #6 but has not responded, with no patches or mitigations disclosed. The exploit has been publicly released and may be in use. Practitioners should review the repository at https://github.com/Sunwood-ai-labs/command-executor-mcp-server/ and related VulDB entries for developments.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai, mcp, mcp