CVE-2026-7593

Source
https://cve.org/CVERecord?id=CVE-2026-7593
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7593.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-7593
Published
2026-05-01T20:15:14.494Z
Modified
2026-07-15T01:48:59.318382973Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection
Details

A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src/index.ts of the component MCP Interface. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "cwe_ids": [
        "CWE-77",
        "CWE-78"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/7xxx/CVE-2026-7593.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/sunwood-ai-labs/command-executor-mcp-server

Affected ranges

Type
GIT
Repo
https://github.com/sunwood-ai-labs/command-executor-mcp-server
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0.1.0"
        },
        {
            "last_affected": "0.1.0"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

0.*
0.1.0
v0.*
v0.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7593.json"