CVE-2026-7039
Command Injection in tufantunc ssh-mcp shell.write Function
Publication date: 2026-04-26
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tufantunc | ssh-mcp | up to 1.5.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7039 is a command injection vulnerability in the ssh-mcp tool version 1.5.0, specifically when the "su" shell mode is active. The vulnerability occurs because the "description" field, which is appended to shell commands, is not properly sanitized. While it escapes the '#' character, it does not filter out newline or other shell metacharacters.
This allows an attacker to inject additional shell commands by including newline characters in the description. For example, an attacker can append malicious commands after a legitimate command, causing the shell to execute them with root privileges.
The root shell session remains persistent in su mode, so injected commands execute as root, leading to critical privilege escalation. The vulnerability arises from the way the command and description are combined and passed to the shell without proper sanitization of newlines.
How can this vulnerability impact me?
This vulnerability can have severe impacts because it allows an attacker with local access to execute arbitrary commands as the root user on the affected system.
- Arbitrary root command execution leading to full system compromise.
- Privilege escalation from a lower-privileged user to root.
- Potential creation of unauthorized users or modification of system settings.
- Persistence of root shell session enabling ongoing control.
- Execution of malicious commands disguised as innocuous metadata.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the ssh-mcp tool version 1.5 or earlier is running with the "su" shell mode active (i.e., the --suPassword option is set).
To detect exploitation attempts, monitor for unusual commands or user creation commands executed via the description field, especially those containing newline characters that split commands.
You can look for suspicious command injection patterns in logs or by capturing command inputs that include newline characters in the description field.
Example commands to check for suspicious activity might include searching for processes or logs containing injected commands such as 'useradd' or 'passwd' executed unexpectedly.
- grep -rE --include='*.log' 'useradd|passwd' /var/log/ # Search logs for the account-management commands named above running unexpectedly
- ps -eo pid,args | grep '[s]sh-mcp' # Check whether ssh-mcp is running and whether --suPassword appears on its command line
- auditctl -w /path/to/ssh-mcp -p x -k sshmcp_exec # Enable auditing on ssh-mcp execution (substitute the installed path)
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves sanitizing the description field to remove or escape newline and carriage return characters before passing it to the shell.
If you are using ssh-mcp version 1.5 or earlier, avoid using the "su" shell mode or the --suPassword option until a patch is available.
Monitor and restrict local access to the system to prevent attackers from exploiting the local command injection vulnerability.
Apply or develop a patch that replaces the vulnerable code with a safe version that sanitizes the description field, for example by replacing newlines with spaces and escaping '#' characters.
- Use a patched version of ssh-mcp that includes the fix: `description.replace(/[\n\r]/g, ' ').replace(/#/g, '\\#')`
- Restrict local user permissions to limit who can execute ssh-mcp with su mode.
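The following is an added example, not ssh-mcp's own code, that puts the vulnerable and fixed sanitizers side by side and adds a simple detection check for the newline vector; it assumes the description is appended to the command as a trailing `# ...` shell comment, which is consistent with the advisory but not confirmed by it.

```javascript
// Assumption (not from the advisory): the command and description are joined
// as "<command> # <description>" and written to the root shell as one line.
function buildLineVulnerable(command, description) {
  // Only '#' is escaped, so a CR/LF inside the description starts a new
  // shell line that the persistent su session executes as root.
  const desc = description.replace(/#/g, '\\#');
  return `${command} # ${desc}\n`;
}

function buildLineFixed(command, description) {
  // The fix quoted in the mitigation answer: fold CR/LF into spaces first,
  // then escape '#', so the description can never leave the comment.
  const desc = description.replace(/[\n\r]/g, ' ').replace(/#/g, '\\#');
  return `${command} # ${desc}\n`;
}

// Count the shell lines the session would actually receive; more than one
// means the description broke out of the trailing comment.
function shellLineCount(line) {
  return line.split(/\r?\n/).filter((l) => l.length > 0).length;
}

// Detection helper for MCP request logs: a description carrying CR or LF is
// the injection pattern described in CVE-2026-7039 and should be alerted on.
function isSuspiciousDescription(description) {
  return /[\r\n]/.test(description);
}

// Constructed sample inputs: a benign description (with a harmless '#') and
// one that smuggles a second line.
const benignDescription = 'list home dirs # for the audit ticket';
const craftedDescription = 'list home dirs\necho second-line';

function demo() {
  return {
    vulnerableLines: shellLineCount(buildLineVulnerable('ls /home', craftedDescription)),
    fixedLines: shellLineCount(buildLineFixed('ls /home', craftedDescription)),
    benignFlagged: isSuspiciousDescription(benignDescription),
    craftedFlagged: isSuspiciousDescription(craftedDescription),
  };
}

console.log(demo()); // vulnerableLines: 2, fixedLines: 1
```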
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-7039 is a command injection vulnerability that allows local attackers to execute arbitrary commands as root by injecting malicious input into the description field. This type of vulnerability can lead to unauthorized access, data manipulation, and potential data breaches.
Such unauthorized root command execution can compromise the confidentiality, integrity, and availability of sensitive data, which are core principles in compliance frameworks like GDPR and HIPAA.
Therefore, if exploited, this vulnerability could result in non-compliance with these regulations due to potential exposure or alteration of protected data, failure to maintain adequate access controls, and insufficient protection against privilege escalation.