CVE-2026-7730
Received Received - Intake
Command Injection in privsim mcp-test-runner

Publication date: 2026-05-04

Last updated on: 2026-05-04

Assigner: VulDB

Description
A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-04
Last Modified
2026-05-04
Generated
2026-06-16
AI Q&A
2026-05-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7730
EUVD
EUVD-2026-26884
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
privsim mcp-test-runner 0.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7730 is a command injection vulnerability in the privsim mcp-test-runner tool, specifically in the child_process.spawn function of the MCP Interface component. The vulnerability occurs because the tool accepts user-supplied command arguments and executes them with shell: true without proper validation or sanitization, especially when a non-generic testing framework like jest or pytest is selected.

An attacker with network access to the MCP interface can manipulate the command argument to inject arbitrary shell commands, which the system then executes. This can lead to full host compromise.

Impact Analysis

This vulnerability can have severe impacts including full host compromise. An attacker can execute arbitrary shell commands remotely, leading to data exposure, loss of data integrity, and disruption of services.

  • Confidentiality impact: sensitive data may be exposed.
  • Integrity impact: data and system integrity can be compromised.
  • Availability impact: services may be disrupted or denied.

The vulnerability requires network access to the MCP interface and the ability to invoke the run_tests tool with crafted commands.

Detection Guidance

This vulnerability can be detected by monitoring for unexpected or suspicious commands executed via the MCP interface, especially those involving the run_tests tool with non-generic framework values.

A proof of concept involves sending a crafted request that injects shell commands such as the 'id' command, which executes and returns output indicating command injection.

Detection can include monitoring logs for unusual command executions or network requests invoking run_tests with suspicious command arguments.

  • Use network monitoring tools to capture requests to the MCP interface and inspect parameters for command injection patterns.
  • Check process execution logs for unexpected shell commands spawned by the MCP server.
  • Attempt to reproduce the issue in a controlled environment by sending a request with a command parameter like 'id' to see if it executes and returns output.
Mitigation Strategies

Immediate mitigation steps include restricting access to the MCP server and the run_tests tool to trusted and authorized users only.

Disable the execution of non-generic frameworks (such as jest or pytest) that allow command injection.

Run the MCP server process with the lowest possible privileges to limit the impact of any successful exploitation.

Monitor the system for unexpected or suspicious command executions and network activity targeting the MCP interface.

Avoid exposing the MCP server to untrusted clients or networks.

Longer term, apply fixes such as avoiding shell execution with user-supplied commands, implementing command allowlists, validating inputs, and restricting framework-specific commands.

Compliance Impact

The vulnerability allows remote attackers to inject arbitrary shell commands, potentially leading to full host compromise including data exposure, integrity loss, and service disruption.

Such impacts on confidentiality, integrity, and availability could lead to non-compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

Specifically, unauthorized data exposure and integrity loss could violate data protection requirements, while service disruption could affect availability obligations.

Mitigations such as restricting access, disabling risky features, running with low privileges, and monitoring are recommended to reduce compliance risks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7730. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart