CVE-2026-7785
Published: 05 May 2026
Summary
CVE-2026-7785 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp at commit edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. The issue resides in the quick_capture function of pyshark_mcp.py and stems from improper handling of input that permits OS command injection, tracked under CWE-77 and CWE-78. The product follows a rolling release model with no discrete version identifiers for affected or fixed builds.
Remote attackers can trigger the flaw without authentication or user interaction, executing arbitrary operating system commands and obtaining limited effects on confidentiality, integrity, and availability. The CVSS 4.0 score of 5.5 reflects network attack vector, low complexity, and no required privileges or user interaction. A public exploit has already been disclosed.
The GitHub repository, the associated issue report, and the VulDB entries document the problem but contain no mitigation guidance or patch references. The maintainer was notified via the issue tracker but has not responded.
EPSS remains low and essentially flat: it is currently 0.0212, with a peak of 0.0218, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-27159
Vulnerability details
A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
- CWE(s)
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: mcp
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote, unauthenticated OS command injection in a public-facing application (quick_capture) directly enables T1190 for initial access and T1059 for arbitrary command execution via a shell.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-2 mandates identification, reporting, and correction of the OS command injection flaw in the quick_capture function of pyshark_mcp.py, directly remediating CVE-2026-7785.
SI-10 requires validation of manipulated inputs to the quick_capture function, preventing OS command injection exploitation in CVE-2026-7785.
AC-6 enforces least privilege for processes running the vulnerable quick_capture function, limiting damage from successful OS command injection in CVE-2026-7785.
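What SI-10 can look like for a capture wrapper of this kind, as an added sketch that is not code from wireshark-mcp: the page does not show the source of quick_capture, so the function names, parameters and limits below are assumptions. Each input is validated against a strict rule, and the command is built as an argument list that runs without a shell.

```python
import re
import subprocess

# Assumed limits and naming rules for this sketch; tune them to the deployment.
IFACE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,14}")  # no leading "-"
MAX_DURATION_S = 60
MAX_PACKETS = 10_000


def _bounded_int(value, name, upper):
    """Accept only real ints in [1, upper]; strings and bools are rejected."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"{name} must be an integer")
    if not 1 <= value <= upper:
        raise ValueError(f"{name} must be between 1 and {upper}")
    return value


def build_capture_argv(interface, duration, packet_count):
    """Validate caller-supplied values and return an argv list for tshark."""
    # fullmatch rejects shell metacharacters, whitespace, trailing newlines
    # and option-like values that begin with "-".
    if not isinstance(interface, str) or not IFACE_RE.fullmatch(interface):
        raise ValueError("invalid interface name")
    duration = _bounded_int(duration, "duration", MAX_DURATION_S)
    packet_count = _bounded_int(packet_count, "packet_count", MAX_PACKETS)
    return ["tshark", "-i", interface, "-a", f"duration:{duration}",
            "-c", str(packet_count), "-T", "json"]


def safe_quick_capture(interface, duration=5, packet_count=100):
    """Hypothetical replacement wrapper: list argv, shell=False, hard timeout."""
    argv = build_capture_argv(interface, duration, packet_count)
    return subprocess.run(argv, shell=False, capture_output=True, text=True,
                          timeout=duration + 10, check=False)
```

Running the wrapper under a dedicated account that holds only the capture capability covers the AC-6 point as well.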