CVE-2026-2131

MediumPublic PoC

Published: 08 February 2026

Published

08 February 2026

Modified

05 March 2026

KEV Added

—

Patch

—

CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0038 59.3th percentile

Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be…

used.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents OS command injection by requiring validation and sanitization of the untrusted text argument in the input_text function.

SI-2 Flaw Remediation good match

prevent

Remediates the specific flaw in HarmonyOS-mcp-server 0.1.0 by identifying, reporting, and correcting the command injection vulnerability.

SI-9 Information Input Restrictions good match

prevent

Enforces restrictions such as format and content checks on the text input at system boundaries to block command injection payloads.

Security SummaryAI

CVE-2026-2131, published on 2026-02-08, is an OS command injection vulnerability in XixianLiang HarmonyOS-mcp-server version 0.1.0. The issue affects the input_text function, where manipulation of the text argument enables command injection. It carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and maps to CWEs-77 and CWE-78.

Remote exploitation is possible by an attacker possessing low privileges. Successful attacks allow limited impacts on confidentiality, integrity, and availability via injected OS commands.

Advisories and further details, including a public exploit, are documented in references such as https://github.com/scanleale/MCP_sec/blob/main/HarmonyOS-mcp-server%20RCE%20vulnerability.md, https://vuldb.com/?ctiid.344766, https://vuldb.com/?id.344766, and https://vuldb.com/?submit.747209. The exploit is publicly available and might be used.

The vulnerability description notes that remote exploitation is feasible, with the public exploit increasing potential for real-world abuse.

Details

CWE(s): CWE-77 CWE-78

Affected Products

xixianliang

harmonyos mcp server

0.1.0

AI Security AnalysisAI

AI Category: AI Agent Protocols and Integrations
Risk Domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Matched keywords: mcp

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

Why these techniques?

OS command injection directly enables arbitrary Unix shell command execution (T1059.004) via exploitation of the remote service (T1210).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/scanleale/MCP_sec/blob/main/HarmonyOS-mcp-server%20RCE%20vulnerability.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.344766
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.344766
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.747209
Third Party Advisory, VDB Entry · cna@vuldb.com