CVE-2026-5528
Remote OS Command Injection in MoussaabBadla code-screenshot-mcp HTTP Interface
Publication date: 2026-04-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moussaabbadla | code_screenshot_mcp | to 0.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5528 is a critical command injection vulnerability in the code-screenshot-mcp project (versions up to 0.1.0). An attacker with network access to the MCP/HTTP interface can send malicious input through request parameters that are not properly sanitized. This input is then passed directly to an operating system command execution function (execAsync), allowing the attacker to execute arbitrary system commands with the privileges of the server process.
The vulnerability arises because user-supplied data from the HTTP request is used unsafely in shell commands, enabling attackers to inject additional commands. This can lead to full host compromise, including unauthorized data access, modification, or disruption of services.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including full system compromise. An attacker can execute arbitrary commands on the server, potentially leading to:
- Exposure of sensitive data (confidentiality loss)
- Modification or corruption of data (integrity loss)
- Disruption or denial of service (availability loss)
Because the attacker can run commands with the server's privileges, they may gain control over the entire host system, which can be used to further penetrate the network or launch additional attacks.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and testing the MCP/HTTP interface for command injection attempts. Specifically, you can try sending crafted requests that inject shell commands into parameters such as "filePath" to see if the system executes them.
A proof-of-concept example involves sending a JSON-RPC request with a payload like: "filePath":"safe.txt; id>&2; #" to check if the server executes the injected command.
Detection commands or tests could include using curl or similar tools to send such crafted requests to the vulnerable endpoint and observing if the injected commands are executed or if error outputs reveal command execution.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing any direct shell-string execution from request-driven code paths and replacing free-form commands with fixed allowlists and validated argument schemas.
Prefer using argument-array process execution methods that do not invoke a shell interpreter to avoid command injection.
Add authentication, authorization, logging, and rate limiting on sensitive MCP/HTTP handlers to reduce the attack surface.
Implement input schema validation at MCP/HTTP boundaries to prevent attacker-controlled values from reaching OS command execution sinks.
Monitor for patches or security advisories from the vendor or maintainers and apply updates as soon as they become available.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows remote OS command injection leading to potential full host compromise, including data exposure, integrity loss, and service disruption.
Such impacts on confidentiality, integrity, and availability of data could lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.
Specifically, unauthorized data exposure or alteration caused by this vulnerability could violate data protection requirements and result in regulatory penalties.