Skip to content
CVSS 7.3 · HIGH

CVE-2026-7211

A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component Git Search API. Executing a manipulation of the argument repo_url/pattern can lead to command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

View on NVD

Analysis

This is a command injection vulnerability in a specific, low-version Model Context Protocol server implementation for Git searching. While the exploit is public and the impact is high, this particular repository does not appear to be a widely adopted industry standard or a core tool for the general developer community.

Severity

Score: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness (CWE): CWE-74CWE-77

EPSS

Probability of exploitation (next 30 days): 0.0218 (2.2%)
Percentile: 84.4%
EPSS: 2026-05-06

Technical description

A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component Git Search API. Executing a manipulation of the argument repo_url/pattern can lead to command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Published: 4/28/2026, 1:16:02 AM
Last modified: 4/29/2026, 1:00:01 AM

References

HomeEventsBlogResourcesTeam