CVE-2026-7215
Remote Command Injection in egtai GMX-VMD-MCP VMD Launch Handler
Publication date: 2026-04-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| egtai | gmx-vmd-mcp | 0.1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7215 is a command injection vulnerability in the GMX-VMD-MCP tool, specifically in the function launch_vmd_gui_tool within the mcp_server.py file. This function constructs and executes shell commands to launch the VMD visualization tool using user-supplied file paths for structure and trajectory files.
The vulnerability arises because the function only checks if the files exist but does not sanitize or validate the file names for shell metacharacters. As a result, an attacker can supply file paths containing shell metacharacters (such as ;, &, #) that get directly concatenated into the shell command string and executed via os.system().
This allows an attacker to inject and execute arbitrary shell commands remotely by crafting malicious file names, leading to unauthorized command execution on the host system.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized access and control over the host system running the GMX-VMD-MCP tool.
- Confidentiality: Attackers can read sensitive files and project data on the host.
- Integrity: Attackers can modify files and system state, potentially corrupting data or altering workflows.
- Availability: Attackers can disrupt or destroy service workflows, causing denial of service.
Because the vulnerability allows arbitrary command execution with the permissions of the service account, it can lead to full compromise of the host system beyond the application scope.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of files with shell metacharacters in their names that are used as arguments to the MCP tool's VMD launch function. A proof-of-concept involves creating files with crafted names containing shell metacharacters such as ";", "&", or "#" and then invoking the MCP tool with these filenames as parameters.
For example, a crafted filename like `/tmp/poc.gro;touch egtai_cmdi;#` can be used to test if command injection occurs. If the exploit is successful, a file named `egtai_cmdi` will be created in the server's working directory.
Detection commands include:
- Create a file with shell metacharacters in its name: `touch "/tmp/poc.gro;touch egtai_cmdi;#"`
- Invoke the MCP tool's VMD launch method via JSON-RPC or API, passing the crafted filename as the `structure_file` parameter and a legitimate file as `trajectory_file`.
- Check for the presence of the file `egtai_cmdi` in the server directory to confirm command injection.
Additionally, monitoring network traffic for suspicious API calls that include shell metacharacters in file path parameters may help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Avoid using `os.system()` or any shell invocation with user-supplied file paths.
- Sanitize and validate all file path inputs to reject or escape shell metacharacters such as `;`, `&`, `#`, `$()`, backticks, and spaces.
- Restrict usage of the MCP tool's VMD launch functionality to trusted local operators only.
- Prefer safer APIs like `subprocess.run([...], shell=False)` or `create_subprocess_exec` to execute commands without invoking a shell.
- Normalize and rigorously validate file paths before use.
- Apply regression tests with filenames containing shell metacharacters to ensure the vulnerability is fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows arbitrary command injection via unsanitized file path arguments, which can lead to high confidentiality, integrity, and availability impacts on the host system.
Such a security flaw could result in unauthorized access to sensitive data, modification of data, or disruption of services, which may violate compliance requirements under standards like GDPR and HIPAA that mandate protection of personal and sensitive information.
Specifically, the ability to execute arbitrary commands remotely could lead to data breaches or loss of data integrity, both of which are critical concerns in regulatory frameworks focused on data protection and privacy.
Therefore, until mitigated, this vulnerability poses a significant risk to compliance with common security and privacy regulations.