CVE-2026-6980
Received Received - Intake
Remote Command Injection in GitPilot-MCP repo_path Function

Publication date: 2026-04-25

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo_path of the file main.py. Such manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-25
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6980
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
divyanshu-hash gitpilot-mcp to 9ed9f153ba4158a2ad230ee4871b25130da29ffd (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-6980 is a command injection vulnerability in the GitPilot-MCP tool, specifically in the run_tests function. The vulnerability arises because the function executes a command string passed as an argument directly in the shell without any validation or filtering. This allows an attacker to inject arbitrary shell commands.

The vulnerable code uses subprocess.run() with shell=True and no allowlist, meaning any command passed can be executed on the host system. An attacker can exploit this by sending specially crafted requests to the tool's interface, causing arbitrary commands to run remotely.

Impact Analysis

This vulnerability can have severe impacts including:

  • Confidentiality: An attacker can execute commands to read sensitive data on the system.
  • Integrity: The attacker can modify files in the repository or on the host system.
  • Availability: The attacker can disrupt automated workflows such as continuous integration processes.

Because the attack can be launched remotely without authentication, it poses a high risk to systems running the vulnerable GitPilot-MCP tool.

Detection Guidance

This vulnerability can be detected by checking for the presence of files or artifacts created by malicious command injection attempts. For example, the proof of concept creates a file named /tmp/gitpilot_cmdinj_poc to demonstrate arbitrary command execution.

You can monitor your system for unexpected files like /tmp/gitpilot_cmdinj_poc or other suspicious files created in temporary directories.

Additionally, you can inspect network traffic or logs for JSON-RPC requests invoking the run_tests method with suspicious command parameters containing shell metacharacters such as semicolons (;).

  • Check for the presence of the file created by the PoC: `ls -l /tmp/gitpilot_cmdinj_poc`
  • Search logs or network captures for JSON-RPC calls with suspicious commands, e.g., using grep: `grep -r 'run_tests' /var/log/` or inspecting HTTP request payloads.
  • Monitor for unexpected subprocess executions or shell commands triggered by the GitPilot-MCP tool.
Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable interface to prevent unauthorized command execution.

  • Implement network access control lists (ACLs) to limit which hosts can reach the vulnerable MCP tool endpoint.
  • Enforce strong authentication and authorization mechanisms, such as mutual TLS, to ensure only trusted users can invoke the run_tests method.
  • Reject untrusted shell metacharacters in the command parameter and enforce strict server-side allowlists for commands.
  • Avoid using subprocess.run() with shell=True on untrusted input; update the code to use safe APIs with argument arrays and shell=False.

Adding regression tests to cover proof-of-concept payloads can help detect attempts to exploit this vulnerability in the future.

Compliance Impact

The vulnerability allows an attacker to execute arbitrary shell commands remotely, which can lead to unauthorized access to sensitive data, modification of files, and disruption of services.

Such impacts on confidentiality, integrity, and availability can result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

Specifically, the ability to read sensitive data and modify repository or host system files could violate data protection requirements, while disruption of automated workflows could affect service availability obligations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6980. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart