CVE-2026-7220
Received Received - Intake
OS Command Injection in FastlyMCP fastly_cli Tool Enables Remote Attack

Publication date: 2026-04-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool. The manipulation of the argument command leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7220
EUVD
EUVD-2026-25977
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jackwrichards fastlymcp to 6f3d0b0e654fc51076badc7fa16c03c461f95620 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows remote attackers to execute arbitrary OS commands with high privileges on the MCP server, which can lead to unauthorized access, modification, or destruction of sensitive data.

Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information against unauthorized access and integrity violations.

Specifically, the high confidentiality, integrity, and availability impact of this vulnerability means that organizations using the affected software could face violations of data protection requirements, leading to legal and regulatory consequences.

Executive Summary

CVE-2026-7220 is a critical command injection vulnerability found in the fastly_cli tool of the FastlyMCP project. The vulnerability exists because the tool accepts an attacker-controlled command string and appends it to a PowerShell command line, which is then executed without proper sanitization or validation. This allows an attacker to execute arbitrary operating system commands remotely with the privileges of the MCP server process.

Technically, the vulnerable code constructs a PowerShell command string by concatenating a fixed prefix with the user-supplied command and a Fastly API token, then executes it using Node.js's child_process.exec function. Because the input is interpreted by PowerShell, special characters and command chaining operators can be used by an attacker to run arbitrary commands.

Impact Analysis

This vulnerability can have severe impacts on the affected system and its users. An attacker exploiting this flaw can execute arbitrary OS commands remotely, which can lead to the following consequences:

  • Confidentiality compromise: The attacker can read sensitive files, environment variables, credentials, and other data accessible to the MCP server.
  • Integrity compromise: The attacker can modify files, tamper with configurations, or install persistence mechanisms.
  • Availability impact: The attacker can disrupt services by terminating processes, consuming resources, or executing destructive commands.

Overall, the vulnerability allows an attacker to gain high-level control over the host system beyond the application boundary, posing a critical security risk.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious or unexpected command executions initiated through the fastly_cli tool, especially those that include command chaining or unusual PowerShell commands.

A practical detection method is to look for evidence of arbitrary command execution, such as the creation of unexpected files or execution of commands like 'whoami' via the MCP JSON-RPC interface.

For example, you can check for the presence of the proof-of-concept file created by an exploit attempt:

  • ls -l /tmp/fastlymcp-poc

Additionally, monitoring logs for JSON-RPC requests invoking the fastly_cli tool with suspicious 'command' parameters can help detect exploitation attempts.

Network or system commands to detect suspicious activity might include:

  • grep 'tools/call' /var/log/fastlymcp.log | grep 'fastly_cli'
  • Audit or monitor child_process.exec calls in the fastly-mcp-server process if possible.
Mitigation Strategies

Immediate mitigation steps include removing or disabling the free-form shell command execution functionality in the fastly_cli tool to prevent arbitrary command injection.

Replace the vulnerable command execution approach with a fixed allowlist of supported Fastly subcommands and implement strict argument validation to ensure no unsanitized input reaches the shell.

Avoid using Node.js's child_process.exec with interpolated shell strings; instead, use direct argument arrays and explicit executable invocation methods that do not invoke a shell.

Implement authentication, authorization, audit logging, and rate limiting around the MCP tools to restrict access and detect abuse.

If possible, apply patches or updates from the project once available, or consider disabling the fastly_cli tool until a secure fix is released.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7220. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart