CVE-2026-7211
Received Received - Intake
Remote Command Injection in dvladimirov MCP Git Search API

Publication date: 2026-04-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component Git Search API. Executing a manipulation of the argument repo_url/pattern can lead to command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7211
EUVD
EUVD-2026-25964
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dvladimirov mcp to 0.1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows remote command injection via unsanitized input in the Git Search API, enabling attackers to execute arbitrary commands on the host system.

This can lead to unauthorized access, modification, or disruption of sensitive data and services, which poses significant risks to confidentiality, integrity, and availability.

Such risks can result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and tampering.

Therefore, exploitation of this vulnerability could lead to violations of data protection requirements, potentially causing legal and regulatory consequences.

Executive Summary

The vulnerability CVE-2026-7211 is a command injection flaw in the dvladimirov MCP project's Git Search API, specifically in the GitSearchRequest function of the mcp_server.py file.

The issue arises because the API accepts user-controlled input parameters, repo_url and pattern, and directly inserts the pattern parameter into a shell command executed with shell=True in Python's subprocess.check_output().

Since the pattern parameter is not sanitized, an attacker can include shell metacharacters to break out of the intended grep command and execute arbitrary shell commands on the host remotely.

A proof-of-concept exploit demonstrates this by sending a malicious pattern that creates a file on the host, proving arbitrary command execution is possible.

This vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command) and has a high security impact affecting confidentiality, integrity, and availability.

Impact Analysis

This vulnerability allows an attacker to execute arbitrary shell commands on the host running the MCP Git Search API remotely.

  • Confidentiality impact: Attackers can read sensitive data on the host.
  • Integrity impact: Attackers can modify files or system state, potentially altering or corrupting data.
  • Availability impact: Attackers can disrupt services or cause denial of service by executing destructive commands.

Because the scope of the impact extends to the entire host environment, the vulnerability is critical and can compromise the security of the system and its data.

Detection Guidance

This vulnerability can be detected by attempting to exploit the command injection via the Git Search HTTP endpoint by sending a crafted POST request with a malicious pattern parameter containing shell metacharacters.

For example, sending a POST request with JSON payload like: { "repo_url": "https://github.com/octocat/Hello-World.git", "pattern": "\"; touch /tmp/dvladimirov_mcp_cmdi; #" } will cause the server to execute the command 'touch /tmp/dvladimirov_mcp_cmdi' if vulnerable.

Detection can be confirmed by checking for the presence of the file /tmp/dvladimirov_mcp_cmdi on the host system.

No direct shell commands are provided to scan for the vulnerability, but monitoring for unexpected file creation or suspicious POST requests to the Git Search API endpoint can help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable Git Search HTTP endpoint to trusted users only until a patch is available.

Avoid using the vulnerable version of the MCP component that executes shell commands with unsanitized user input.

If possible, replace the vulnerable shell command execution with safer alternatives such as native Python file traversal and content scanning or invoking external commands with argument arrays and shell=False.

Strictly validate or escape the 'pattern' parameter to prevent shell metacharacters from being interpreted.

Implement additional regression tests to cover patterns containing shell metacharacters to prevent similar issues.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7211. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart