CVE-2026-7628
Deferred Deferred - Pending Action
Command Injection in crazyrabbitLTC mcp-code-review-server

Publication date: 2026-05-02

Last updated on: 2026-05-05

Assigner: VulDB

Description
A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-02
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-02
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7628
EUVD
EUVD-2026-26787
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
crazyrabbitltc mcp-code-review-server to 0.1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7628 is a command injection vulnerability in the crazyrabbitLTC mcp-code-review-server up to version 0.1.0. It affects the executeRepomix function in the src/repomix.ts file of the RepoMix Command Handler component. The vulnerability arises because the server uses the Node.js exec() function to run shell commands with unsanitized user input, specifically from parameters like specificFiles and repoPath.

Attackers can inject malicious shell commands by including shell meta-characters (such as ;, &, or |) in these parameters, which the server then executes. This allows remote attackers to execute arbitrary commands on the server hosting the application.

The issue was reported with a proof-of-concept demonstrating how an attacker could, for example, run commands like whoami and write outputs to files by injecting them into the specificFiles parameter.

Impact Analysis

This vulnerability can have serious impacts because it allows remote attackers to execute arbitrary commands on the affected server.

  • Attackers could gain unauthorized access to sensitive data stored on the server.
  • They could modify or delete files, potentially disrupting service or corrupting data.
  • The attacker might escalate privileges depending on the server's configuration, leading to full control over the host environment.
  • Such control could be used to pivot to other systems within the network, increasing the scope of compromise.
Detection Guidance

This vulnerability can be detected by checking if the mcp-code-review-server is executing shell commands using the exec() function with unsanitized user input, specifically in the parameters like specificFiles or repoPath.

One way to detect exploitation attempts is to monitor for unusual command executions or unexpected files created by injected commands, such as files created by commands like whoami > poc.txt.

You can also look for suspicious usage patterns or command injection attempts in logs or by running tests with crafted inputs containing shell meta-characters like ;, &, or |.

  • Use network monitoring tools to detect unusual outbound commands or connections initiated by the server.
  • Run a test command against the vulnerable parameter, for example, invoking the analyze_repo tool with a parameter like 'package.json&whoami > poc.txt' and then checking if the file poc.txt is created with the output of whoami.
  • Check the source code or running processes to see if exec() is used with unsanitized input.
Mitigation Strategies

Immediate mitigation steps include replacing the use of child_process.exec with child_process.execFile to avoid shell interpretation of user inputs.

Implement strict input validation and sanitization on all user-supplied parameters, especially those used in command execution like specificFiles and repoPath.

Avoid concatenating user input directly into shell command strings; instead, pass inputs as separate arguments to execFile or similar safe APIs.

Remove any shell-based output chaining (e.g., using && cat) to prevent command injection through shell operators.

Apply any available patches or pull requests that address this issue, such as the one replacing exec() with execFile and standardizing output handling.

Compliance Impact

The vulnerability allows remote command injection on the mcp-code-review-server, potentially enabling attackers to execute arbitrary commands on the server.

Such unauthorized command execution could lead to unauthorized access, modification, or disclosure of sensitive data hosted or processed by the server.

This risk of data compromise may impact compliance with data protection regulations and standards such as GDPR and HIPAA, which require safeguarding sensitive information against unauthorized access and ensuring system integrity.

However, the provided information does not explicitly discuss compliance impacts or specific regulatory considerations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7628. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart