CVE-2026-7066
Received Received - Intake
Remote OS Command Injection in choieastsea simple-openstack-mcp

Publication date: 2026-04-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-27
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7066
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
choieastsea simple-openstack-mcp to 767b2f4a8154cca344344b9725537a58399e6036 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7066 is an OS command injection vulnerability found in the simple-openstack-mcp project, specifically in the exec_openstack function within the server.py file.

The vulnerability arises because the function only checks if the input command starts with the prefix "openstack" but does not sanitize or neutralize shell metacharacters like ";".

This allows an attacker to append arbitrary shell commands to the input, which are then executed by the server using subprocess.run with shell=True, enabling remote code execution under the service account.

Impact Analysis

This vulnerability can have a high impact on confidentiality, integrity, and availability of the affected system.

  • Confidentiality: An attacker can read local secrets or configuration files.
  • Integrity: An attacker can modify files or the runtime state of the system.
  • Availability: An attacker can disrupt the service or execute destructive commands.

Because the exploit can be launched remotely without authentication, it poses a significant risk if the vulnerable interface is exposed to untrusted users.

Detection Guidance

This vulnerability can be detected by attempting to exploit the OS command injection via the vulnerable exec_openstack function. A proof-of-concept involves sending a JSON-RPC request with a command containing shell metacharacters, such as a semicolon (;), to execute arbitrary commands.

For example, sending a command like "openstack --help; touch /tmp/choieastsea_cmdinj_poc" to the vulnerable endpoint can be used to test if the system is vulnerable.

Detection can be confirmed by checking for the presence of the created file "/tmp/choieastsea_cmdinj_poc" on the system.

Since the vulnerability involves execution of shell commands with shell metacharacters, monitoring network traffic for JSON-RPC requests invoking exec_openstack with suspicious command strings containing shell metacharacters like ";" can also help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable exec_openstack interface by implementing network ACLs, authentication, authorization, or mutual TLS to prevent untrusted callers from reaching the endpoint.

Reject or sanitize input containing shell metacharacters on the server side, and enforce strict allowlists for commands accepted by the exec_openstack function.

Avoid using subprocess.run with shell=True on attacker-controlled input. Instead, update the code to use subprocess.run with argument arrays and shell=False.

Add regression tests to detect and prevent known malicious payloads.

Compliance Impact

The vulnerability allows remote OS command injection, which can lead to unauthorized access, modification, or disruption of system data and services. This can compromise confidentiality, integrity, and availability of sensitive information.

Such a security flaw could negatively impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and ensure system integrity and availability.

Specifically, the ability for an attacker to execute arbitrary commands remotely may lead to data breaches or service disruptions, both of which are critical compliance concerns under these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7066. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart