CVE-2026-7211
Remote Command Injection in dvladimirov MCP Git Search API
Publication date: 2026-04-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dvladimirov | mcp | to 0.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows remote command injection via unsanitized input in the Git Search API, enabling attackers to execute arbitrary commands on the host system.
This can lead to unauthorized access, modification, or disruption of sensitive data and services, which poses significant risks to confidentiality, integrity, and availability.
Such risks can result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and tampering.
Therefore, exploitation of this vulnerability could lead to violations of data protection requirements, potentially causing legal and regulatory consequences.
Can you explain this vulnerability to me?
The vulnerability CVE-2026-7211 is a command injection flaw in the dvladimirov MCP project's Git Search API, specifically in the GitSearchRequest function of the mcp_server.py file.
The issue arises because the API accepts user-controlled input parameters, repo_url and pattern, and directly inserts the pattern parameter into a shell command executed with shell=True in Python's subprocess.check_output().
Since the pattern parameter is not sanitized, an attacker can include shell metacharacters to break out of the intended grep command and execute arbitrary shell commands on the host remotely.
A proof-of-concept exploit demonstrates this by sending a malicious pattern that creates a file on the host, proving arbitrary command execution is possible.
This vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command) and has a high security impact affecting confidentiality, integrity, and availability.
How can this vulnerability impact me? :
This vulnerability allows an attacker to execute arbitrary shell commands on the host running the MCP Git Search API remotely.
- Confidentiality impact: Attackers can read sensitive data on the host.
- Integrity impact: Attackers can modify files or system state, potentially altering or corrupting data.
- Availability impact: Attackers can disrupt services or cause denial of service by executing destructive commands.
Because the scope of the impact extends to the entire host environment, the vulnerability is critical and can compromise the security of the system and its data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to exploit the command injection via the Git Search HTTP endpoint by sending a crafted POST request with a malicious pattern parameter containing shell metacharacters.
For example, sending a POST request with JSON payload like: { "repo_url": "https://github.com/octocat/Hello-World.git", "pattern": "\"; touch /tmp/dvladimirov_mcp_cmdi; #" } will cause the server to execute the command 'touch /tmp/dvladimirov_mcp_cmdi' if vulnerable.
Detection can be confirmed by checking for the presence of the file /tmp/dvladimirov_mcp_cmdi on the host system.
No direct shell commands are provided to scan for the vulnerability, but monitoring for unexpected file creation or suspicious POST requests to the Git Search API endpoint can help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable Git Search HTTP endpoint to trusted users only until a patch is available.
Avoid using the vulnerable version of the MCP component that executes shell commands with unsanitized user input.
If possible, replace the vulnerable shell command execution with safer alternatives such as native Python file traversal and content scanning or invoking external commands with argument arrays and shell=False.
Strictly validate or escape the 'pattern' parameter to prevent shell metacharacters from being interpreted.
Implement additional regression tests to cover patterns containing shell metacharacters to prevent similar issues.