CVE-2026-7600
Deferred Deferred - Pending Action
Command Injection in ArtMin96 yii2-mcp-server

Publication date: 2026-05-02

Last updated on: 2026-05-05

Assigner: VulDB

Description
A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii_command_help/yii_execute_command of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-02
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7600
EUVD
EUVD-2026-26725
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
artmin96 yii2-mcp-server 1.0.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7600 is a command injection vulnerability in the ArtMin96 yii2-mcp-server 1.0.2, specifically affecting the functions yii_command_help and yii_execute_command in the MCP Interface component. The server constructs shell commands by directly concatenating user-supplied arguments into PHP Yii commands and executes them using child_process.exec without proper escaping or argument separation.

This flaw allows an attacker with network access to the MCP interface to inject shell metacharacters (such as semicolons) into command parameters, enabling execution of arbitrary operating system commands with the server's privileges.

Exploitation requires access to the MCP tools, a valid Yii2 project setup, and PHP CLI availability. A proof of concept shows executing commands like 'id' through the yii_command_help tool by injecting malicious input.

Impact Analysis

This vulnerability can lead to full host compromise because attackers can execute arbitrary OS commands with the server's privileges.

  • Data exposure due to unauthorized access to sensitive information.
  • Integrity loss by modifying or corrupting data.
  • Service disruption through denial of service or other malicious actions.

The attack can be performed remotely by sending crafted requests to the vulnerable MCP interface, making it a serious risk if the server is exposed to untrusted networks.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for crafted MCP requests targeting the yii_command_help or yii_execute_command tools that include shell metacharacters such as semicolons (;).

Since the exploit involves injecting commands into the MCP interface, detection can involve checking for unusual or unexpected command parameters sent to the MCP server.

A practical approach is to attempt sending test commands that include shell metacharacters to the MCP interface and observe if arbitrary OS commands are executed.

  • Use network packet capture tools (e.g., tcpdump, Wireshark) to filter for MCP protocol traffic and inspect for suspicious command parameters.
  • Run commands on the server to check for unexpected processes or command executions triggered by MCP requests.
  • Example test command: send a crafted MCP request to the yii_command_help tool with a command parameter containing a shell metacharacter, such as "; id", to see if the server executes the injected command.
Mitigation Strategies

Immediate mitigation steps include restricting access to the MCP server to trusted users only, ensuring it is not exposed to untrusted networks.

Run the MCP server under a low-privilege account to limit the impact of any successful exploitation.

Disable or avoid using the vulnerable command-execution tools such as yii_command_help and yii_execute_command until a fix is available.

Avoid exposing the MCP server over the network to reduce the attack surface.

Longer term, apply safer command execution methods (e.g., execFile or spawn with argument arrays), validate inputs against allowlists, and reject shell metacharacters in user inputs.

Compliance Impact

The vulnerability allows remote attackers to execute arbitrary OS commands on the server, leading to full host compromise including data exposure, integrity loss, and service disruption.

Such impacts on confidentiality, integrity, and availability of data can lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

Specifically, unauthorized data exposure or alteration caused by this vulnerability could violate data protection requirements, potentially resulting in legal and regulatory consequences.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7600. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart