CVE-2026-7590
Received Received - Intake
OS Command Injection in p_69_branch_monkey_mcp

Publication date: 2026-05-01

Last updated on: 2026-05-01

Assigner: VulDB

Description
A vulnerability was identified in eyal-gor p_69_branch_monkey_mcp up to 69bc71874ce40050ef45fde5a435855f18af3373. The affected element is an unknown function of the file branch_monkey_mcp/bridge_and_local_actions/routes/advanced.py of the component Preview Endpoint. Such manipulation of the argument dev_script leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7590
EUVD
EUVD-2026-26708
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eyal-gor p_69_branch_monkey_mcp to 69bc71874ce40050ef45fde5a435855f18af3373 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7590 is a command injection vulnerability in the Branch Monkey project, specifically in the Preview Endpoint's handling of the dev_script parameter.

The vulnerability occurs because the dev_script argument is executed via the system shell with shell=True in subprocess.Popen(), allowing attackers to inject arbitrary OS commands.

The endpoint validates only the existence of a local Git repository path and commit SHA but does not restrict the commands themselves, enabling remote attackers to execute malicious commands on the server.

Impact Analysis

This vulnerability can have a high impact on confidentiality, integrity, and availability of the affected system.

  • Attackers can read local secrets and sensitive information.
  • They can modify or delete files, potentially altering or destroying important data.
  • Attackers can disrupt services by executing arbitrary commands, causing denial of service or other operational issues.
Detection Guidance

This vulnerability can be detected by monitoring and analyzing requests to the `/api/local-claude/time-machine/preview` endpoint, specifically looking for suspicious or unexpected values in the `dev_script` parameter that might contain shell metacharacters or command injection attempts.

Since the vulnerability involves execution of OS commands via subprocess with shell=True, detection can include searching for unusual file creations or processes spawned by the application, such as the creation of files like `/tmp/codex_cmdi_poc` as demonstrated in the proof of concept.

Suggested commands to detect exploitation attempts include:

  • Use network monitoring tools (e.g., tcpdump, Wireshark) to capture HTTP requests to the vulnerable endpoint and inspect the `dev_script` parameter.
  • On the server, run commands to detect suspicious files or processes, for example: `ls -l /tmp/codex_cmdi_poc` to check for proof-of-concept file creation.
  • Use process monitoring commands like `ps aux | grep branch_monkey_mcp` to identify unexpected subprocesses spawned by the application.
  • Search application logs for unusual or malformed `dev_script` parameter values.
Mitigation Strategies

Immediate mitigation steps include removing or disabling the use of shell execution (`shell=True`) in the subprocess calls that handle the `dev_script` parameter.

Replace shell-based command execution with argv list invocation to avoid shell interpretation of input.

Implement an allowlist of permitted commands or inputs for the `dev_script` parameter to restrict what can be executed.

Add regression tests to detect and prevent command injection attempts involving metacharacters.

Monitor and restrict access to the vulnerable endpoint to trusted users or networks until a patch is applied.

If possible, update to a fixed version of the software once available.

Compliance Impact

The vulnerability allows remote OS command injection, which can lead to unauthorized access, modification, or disruption of data and services. This poses significant risks to confidentiality, integrity, and availability of data.

Such risks can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access or data breaches.

Specifically, the ability for attackers to read local secrets or modify files could lead to exposure or alteration of personal or protected health information, violating regulatory requirements.

Therefore, without proper mitigation, this vulnerability could result in non-compliance with these standards due to potential data breaches and insufficient security controls.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7590. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart