CVE-2026-6494
Received - Intake
Log Injection Vulnerability in AAP MCP Server Enables Log Forgery

Publication date: 2026-04-17

Last updated on: 2026-04-17

Assigner: Red Hat, Inc.

Description
A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control characters such as newlines and ANSI escape sequences. This enables the attacker to obscure legitimate log entries and insert forged ones, which could facilitate social engineering attacks, potentially leading to an operator executing dangerous commands or visiting malicious URLs.
Meta Information

Published: 2026-04-17

Last Modified: 2026-04-17

Generated: 2026-06-16

AI Q&A: 2026-04-17

EPSS Evaluated: 2026-06-15

Affected Vendors & Products
Vendor Product Version / Range
redhat aap_mcp_server *
CWE ID Description
CWE-117 The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.
Executive Summary

This vulnerability is a log injection flaw found in the AAP MCP server. An unauthenticated remote attacker can exploit it by sending specially crafted input to the 'toolsetroute' parameter. Because this parameter is not properly sanitized before being written to logs, the attacker can inject control characters such as newlines and ANSI escape sequences.

This injection allows the attacker to obscure legitimate log entries and insert forged ones, potentially misleading operators who review the logs.

Such manipulation could facilitate social engineering attacks, possibly causing an operator to execute dangerous commands or visit malicious URLs.

Impact Analysis

This vulnerability lets an attacker manipulate log files, hiding malicious activity and inserting fake log entries.

This can lead to social engineering attacks where operators might be tricked into executing harmful commands or accessing malicious websites.

Overall, it undermines the integrity and reliability of log data, which is critical for monitoring and incident response.
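
The CWE-117 mitigation for a field such as `toolsetroute` is to neutralize control characters before the value reaches the log sink. The following is an added example, not Red Hat's fix or code from the AAP MCP server; Python, the logger name, the `MAX_FIELD_LEN` cap and the escaping scheme are assumptions made for illustration, and it assumes untrusted values are passed as logging arguments rather than formatted into the message string.

```python
import io
import logging
import re

# C0 controls (CR, LF, ESC...), DEL, C1 controls (0x9b is CSI) and the
# Unicode line/paragraph separators that some viewers render as newlines.
_UNSAFE = re.compile(r"[\x00-\x1f\x7f-\x9f\u2028\u2029]")
MAX_FIELD_LEN = 256  # assumed cap so one field cannot flood a log line

# Constructed sample: a forged second entry plus an ANSI colour sequence.
SAMPLE = "ops\r\nINFO forged entry\x1b[31m"


def _escape(match):
    code = ord(match.group())
    return f"\\x{code:02x}" if code <= 0xFF else f"\\u{code:04x}"


def neutralize(value: object) -> str:
    """Render an untrusted value as a single printable log field."""
    text = str(value)
    suffix = "...[truncated]" if len(text) > MAX_FIELD_LEN else ""
    # Double backslashes first so client-typed "\x0a" stays distinguishable.
    text = text[:MAX_FIELD_LEN].replace("\\", "\\\\")
    return _UNSAFE.sub(_escape, text) + suffix


class NeutralizeArgs(logging.Filter):
    """Escape string arguments before the record is formatted."""
    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.args, tuple):
            record.args = tuple(
                neutralize(a) if isinstance(a, str) else a for a in record.args
            )
        return True


def render(route: str) -> str:
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(NeutralizeArgs())
    logger = logging.Logger("example.toolset", level=logging.INFO)
    logger.addHandler(handler)
    logger.info("request toolsetroute=%s", route)
    return stream.getvalue()

if __name__ == "__main__":
    print(render(SAMPLE), end="")
```

With the filter attached, the constructed input is written as one line with the CR, LF and ESC bytes shown as visible escapes, so a reviewer sees the attempted forgery instead of a second entry.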
