CVE-2026-7039
Received Received - Intake
Command Injection in tufantunc ssh-mcp shell.write Function

Publication date: 2026-04-26

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-26
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7039
EUVD
EUVD-2026-25716
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tufantunc ssh-mcp to 1.5.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7039 is a command injection vulnerability in the ssh-mcp tool version 1.5.0, specifically when the "su" shell mode is active. The vulnerability occurs because the "description" field, which is appended to shell commands, is not properly sanitized. While it escapes the '#' character, it does not filter out newline or other shell metacharacters.

This allows an attacker to inject additional shell commands by including newline characters in the description. For example, an attacker can append malicious commands after a legitimate command, causing the shell to execute them with root privileges.

The root shell session remains persistent in su mode, so injected commands execute as root, leading to critical privilege escalation. The vulnerability arises from the way the command and description are combined and passed to the shell without proper sanitization of newlines.

Impact Analysis

This vulnerability can have severe impacts because it allows an attacker with local access to execute arbitrary commands as the root user on the affected system.

  • Arbitrary root command execution leading to full system compromise.
  • Privilege escalation from a lower-privileged user to root.
  • Potential creation of unauthorized users or modification of system settings.
  • Persistence of root shell session enabling ongoing control.
  • Execution of malicious commands disguised as innocuous metadata.
Detection Guidance

This vulnerability can be detected by checking if the ssh-mcp tool version 1.5 or earlier is running with the "su" shell mode active (i.e., the --suPassword option is set).

To detect exploitation attempts, monitor for unusual commands or user creation commands executed via the description field, especially those containing newline characters that split commands.

You can look for suspicious command injection patterns in logs or by capturing command inputs that include newline characters in the description field.

Example commands to check for suspicious activity might include searching for processes or logs containing injected commands such as 'useradd' or 'passwd' executed unexpectedly.

  • grep -r --include='*.log' $'\n' /var/log/ # Search logs for newline characters in commands
  • ps aux | grep ssh-mcp # Check if vulnerable ssh-mcp version is running
  • auditctl -w /path/to/ssh-mcp -p x -k sshmcp_exec # Enable auditing on ssh-mcp execution
Mitigation Strategies

Immediate mitigation involves sanitizing the description field to remove or escape newline and carriage return characters before passing it to the shell.

If you are using ssh-mcp version 1.5 or earlier, avoid using the "su" shell mode or the --suPassword option until a patch is available.

Monitor and restrict local access to the system to prevent attackers from exploiting the local command injection vulnerability.

Apply or develop a patch that replaces the vulnerable code with a safe version that sanitizes the description field, for example by replacing newlines with spaces and escaping '#' characters.

  • Use a patched version of ssh-mcp that includes the fix: description.replace(/[\n\r]/g, ' ').replace(/#/g, '\\#')
  • Restrict local user permissions to limit who can execute ssh-mcp with su mode.
Compliance Impact

CVE-2026-7039 is a command injection vulnerability that allows local attackers to execute arbitrary commands as root by injecting malicious input into the description field. This type of vulnerability can lead to unauthorized access, data manipulation, and potential data breaches.

Such unauthorized root command execution can compromise the confidentiality, integrity, and availability of sensitive data, which are core principles in compliance frameworks like GDPR and HIPAA.

Therefore, if exploited, this vulnerability could result in non-compliance with these regulations due to potential exposure or alteration of protected data, failure to maintain adequate access controls, and insufficient protection against privilege escalation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7039. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart