Cyber Resilience

CVE-2026-7593

Medium

Published: 01 May 2026

Published
01 May 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0212 84.5th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7593 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A security vulnerability has been identified in Sunwood-ai-labs command-executor-mcp-server versions up to 0.1.0, specifically in the execute_command function of the src/index.ts file within the MCP Interface component. The flaw stems from improper handling of input that permits OS command injection, as indicated by the associated CWE-77 and CWE-78 classifications, and carries a CVSS 4.0 score of 5.5 reflecting network-accessible attack vectors with limited impacts.

Remote attackers can exploit the issue without requiring authentication, user interaction, or special privileges to inject and execute arbitrary operating system commands, resulting in partial compromise of confidentiality, integrity, and availability on the affected system. Public disclosure of the exploit has occurred, enabling potential use by threat actors.

The project maintainers were notified of the problem through an early issue report on the repository but have not issued a response or patch. Available references point to the GitHub repository, the associated issue, and Vuldb entries without providing mitigation guidance.

The EPSS score remains low at a current value of 0.0212 with a peak of 0.0218, indicating limited observed exploitation interest to date.

EU & UK References

Vulnerability details

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible.…

more

The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai, mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

OS command injection in a network-accessible server directly enables remote exploitation of public-facing applications (T1190) and arbitrary command execution via the OS command interpreter (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7064Shared CWE-77, CWE-78
CVE-2026-6130Shared CWE-77, CWE-78
CVE-2025-9262Shared CWE-77, CWE-78
CVE-2026-7443Shared CWE-77, CWE-78
CVE-2026-7785Shared CWE-77, CWE-78
CVE-2026-5802Shared CWE-77, CWE-78
CVE-2025-11285Shared CWE-77, CWE-78
CVE-2026-6942Shared CWE-78
CVE-2025-59736Shared CWE-77, CWE-78
CVE-2025-44015Shared CWE-77, CWE-78

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents OS command injection by requiring validation and sanitization of inputs to the vulnerable execute_command function.

prevent

Remediates the specific flaw in the execute_command function through identification, reporting, and timely patching.

prevent

Limits damage from injected commands by enforcing least privilege on the command-executor server process.

References