CVE-2026-10279
Deferred Deferred - Pending Action
OS Command Injection in wezterm-mcp

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulDB

Description
A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm_executor.ts of the component switch_pane/write_to_specific_pane. The manipulation of the argument request.params.arguments.pane_id leads to os command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-22
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-10279
EUVD
EUVD-2026-33731
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
hiraishikentaro wezterm-mcp 0.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the wezterm-mcp tool, specifically in the functions switch_pane and write_to_specific_pane that handle the pane_id argument.

Although the pane_id is supposed to be a number, the runtime does not enforce this, allowing attackers to inject shell metacharacters into the pane_id parameter.

This leads to OS command injection because the pane_id is passed directly into shell command strings executed via child_process.exec, enabling arbitrary command execution with the privileges of the MCP server process.

An attacker can exploit this remotely by sending crafted JSON-RPC requests with malicious pane_id values to execute arbitrary commands on the host.

Impact Analysis

This vulnerability can have a high impact on confidentiality, integrity, and availability of the affected system.

  • Attackers can execute arbitrary commands on the host with the privileges of the MCP server process.
  • They can read local files, modify or delete files, execute malicious payloads, or disrupt the host's normal operation.
  • The exploit is publicly available and can be triggered remotely, increasing the risk of compromise.
Detection Guidance

This vulnerability can be detected by checking for the presence of the vulnerable wezterm-mcp server and attempting to exploit the command injection via the pane_id parameter.

A practical detection method is to send a crafted JSON-RPC request with a malicious pane_id value that includes shell metacharacters, for example: 1; echo WEZTERM_MCP_TEST > wezterm-mcp-poc.txt

If the file wezterm-mcp-poc.txt is created in the server's working directory, it confirms the vulnerability.

This can be done using tools like curl or any JSON-RPC client to send the crafted request to the MCP server.

Mitigation Strategies

Immediate mitigation steps include not exposing the wezterm-mcp server to untrusted clients and blocking raw JSON-RPC access from untrusted users.

Run the MCP server under a low-privilege user account to limit the impact of a potential exploit.

The recommended fix involves enforcing runtime type validation for the pane_id parameter, replacing child_process.exec with safer alternatives like execFile or spawn, and avoiding shell interpolation of attacker-controlled values.

Additionally, adding regression tests with shell metacharacters can help prevent reintroduction of this vulnerability.

Compliance Impact

This vulnerability allows remote attackers to execute arbitrary OS commands with the privileges of the MCP server process, potentially leading to unauthorized access, modification, or disruption of sensitive data and system availability.

Such unauthorized access and control can compromise the confidentiality, integrity, and availability of data, which are core principles in compliance frameworks like GDPR and HIPAA.

Therefore, exploitation of this vulnerability could lead to violations of these regulations by exposing personal or protected health information, failing to maintain data integrity, or causing service disruptions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10279. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart