CVE-2026-7812

High

Published: 05 May 2026

Published

05 May 2026

Modified

05 May 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0104 77.5th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack can…

be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SA-11 Developer Testing and Evaluation

addresses: CWE-74

Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.

SI-4 System Monitoring

addresses: CWE-74

Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.

Security SummaryAI

CVE-2026-7812 is a command injection vulnerability in the 54yyyu code-mcp project, affecting commits up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The flaw resides in the git_operation function within the file src/code_mcp/server.py of the MCP Tool component. By manipulating the 'operation' argument, attackers can inject arbitrary commands, as classified under CWE-74 and CWE-77. The project uses continuous delivery with rolling releases, so no specific affected or patched versions are available.

Remote attackers require no privileges, authentication, or user interaction to exploit this vulnerability over the network with low complexity, earning it a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation allows limited impacts on confidentiality, integrity, and availability, such as executing unauthorized commands on the server.

Advisories from VulDB and the project's GitHub repository indicate the issue was reported early via issue #5, but the maintainers have not responded or issued patches. No mitigation steps or updated releases are detailed due to the rolling release model.

The exploit has been made public and could be used, though no real-world exploitation in the wild is noted.

Details

CWE(s): CWE-74 CWE-77

AI Security AnalysisAI

AI Category: AI Agent Protocols and Integrations
Risk Domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Matched keywords: mcp, mcp

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

Why these techniques?

Command injection in a remotely accessible, unauthenticated MCP server component directly enables T1190 (Exploit Public-Facing Application) for initial access and results in arbitrary command execution that maps to T1059 (Command and Scripting Interpreter).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://github.com/54yyyu/code-mcp/
cna@vuldb.com
https://github.com/54yyyu/code-mcp/issues/5
cna@vuldb.com
https://vuldb.com/submit/807752
cna@vuldb.com
https://vuldb.com/vuln/361072
cna@vuldb.com
https://vuldb.com/vuln/361072/cti
cna@vuldb.com