CVE-2026-7215
Received Received - Intake
Remote Command Injection in egtai GMX-VMD-MCP VMD Launch Handler

Publication date: 2026-04-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component VMD Launch Handler. The manipulation of the argument structure_file/trajectory_file results in command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7215
EUVD
EUVD-2026-25971
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
egtai gmx-vmd-mcp 0.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7215 is a command injection vulnerability in the GMX-VMD-MCP tool, specifically in the function launch_vmd_gui_tool within the mcp_server.py file. This function constructs and executes shell commands to launch the VMD visualization tool using user-supplied file paths for structure and trajectory files.

The vulnerability arises because the function only checks if the files exist but does not sanitize or validate the file names for shell metacharacters. As a result, an attacker can supply file paths containing shell metacharacters (such as ;, &, #) that get directly concatenated into the shell command string and executed via os.system().

This allows an attacker to inject and execute arbitrary shell commands remotely by crafting malicious file names, leading to unauthorized command execution on the host system.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access and control over the host system running the GMX-VMD-MCP tool.

  • Confidentiality: Attackers can read sensitive files and project data on the host.
  • Integrity: Attackers can modify files and system state, potentially corrupting data or altering workflows.
  • Availability: Attackers can disrupt or destroy service workflows, causing denial of service.

Because the vulnerability allows arbitrary command execution with the permissions of the service account, it can lead to full compromise of the host system beyond the application scope.

Detection Guidance

This vulnerability can be detected by checking for the presence of files with shell metacharacters in their names that are used as arguments to the MCP tool's VMD launch function. A proof-of-concept involves creating files with crafted names containing shell metacharacters such as ";", "&", or "#" and then invoking the MCP tool with these filenames as parameters.

For example, a crafted filename like `/tmp/poc.gro;touch egtai_cmdi;#` can be used to test if command injection occurs. If the exploit is successful, a file named `egtai_cmdi` will be created in the server's working directory.

Detection commands include:

  • Create a file with shell metacharacters in its name: `touch "/tmp/poc.gro;touch egtai_cmdi;#"`
  • Invoke the MCP tool's VMD launch method via JSON-RPC or API, passing the crafted filename as the `structure_file` parameter and a legitimate file as `trajectory_file`.
  • Check for the presence of the file `egtai_cmdi` in the server directory to confirm command injection.

Additionally, monitoring network traffic for suspicious API calls that include shell metacharacters in file path parameters may help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include:

  • Avoid using `os.system()` or any shell invocation with user-supplied file paths.
  • Sanitize and validate all file path inputs to reject or escape shell metacharacters such as `;`, `&`, `#`, `$()`, backticks, and spaces.
  • Restrict usage of the MCP tool's VMD launch functionality to trusted local operators only.
  • Prefer safer APIs like `subprocess.run([...], shell=False)` or `create_subprocess_exec` to execute commands without invoking a shell.
  • Normalize and rigorously validate file paths before use.
  • Apply regression tests with filenames containing shell metacharacters to ensure the vulnerability is fixed.
Compliance Impact

The vulnerability allows arbitrary command injection via unsanitized file path arguments, which can lead to high confidentiality, integrity, and availability impacts on the host system.

Such a security flaw could result in unauthorized access to sensitive data, modification of data, or disruption of services, which may violate compliance requirements under standards like GDPR and HIPAA that mandate protection of personal and sensitive information.

Specifically, the ability to execute arbitrary commands remotely could lead to data breaches or loss of data integrity, both of which are critical concerns in regulatory frameworks focused on data protection and privacy.

Therefore, until mitigated, this vulnerability poses a significant risk to compliance with common security and privacy regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7215. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart