CVE-2026-7785
Published: 05 May 2026
Summary
CVE-2026-7785 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 mandates identification, reporting, and correction of the OS command injection flaw in the quick_capture function of pyshark_mcp.py, directly remediating CVE-2026-7785.
SI-10 requires validation of manipulated inputs to the quick_capture function, preventing OS command injection exploitation in CVE-2026-7785.
AC-6 enforces least privilege for processes running the vulnerable quick_capture function, limiting damage from successful OS command injection in CVE-2026-7785.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated OS command injection in public-facing app (quick_capture) directly enables T1190 for initial access and T1059 for arbitrary command execution via shell.
NVD Description
A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been released to the public…
more
and may be used for attacks. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-7785 is an OS command injection vulnerability in the quick_capture function within the pyshark_mcp.py file of the A-G-U-P-T-A/wireshark-mcp project, specifically affecting commits edaf604416fbc94a201b4043092d4a1b09a12275 and 400c3da70074f22f3cce7ccb65304cafc7089c89. This flaw, associated with CWE-77 and CWE-78, was published on 2026-05-05 and carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). The project operates on a rolling release model with continuous delivery, so no specific affected or patched versions are available.
The vulnerability enables remote exploitation without authentication or user interaction, allowing attackers to inject arbitrary OS commands via manipulated inputs to the quick_capture function. Successful exploitation could result in limited impacts to confidentiality, integrity, and availability, such as unauthorized command execution on the host system running the affected component.
References, including the project's GitHub repository and issue #1, indicate that the issue was reported early to the maintainers, but they have not yet responded or issued any patches or mitigations. Additional details are available on VulDB entries for submission and vulnerability tracking. An exploit has been publicly released, increasing the risk of active attacks.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp