CVSS 7.3 · HIGH

CVE-2026-7211

A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component Git Search API. Executing a manipulation of the argument repo_url/pattern can lead to command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

View on NVD

Analysis

This is a command injection vulnerability in a specific, early-version Model Context Protocol server implementation for Git searching. While the exploit is public and the impact is high, this particular repository does not appear to be a widely adopted industry standard or a core tool for the general developer community.

Severity

Score: 7.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness type (CWE): CWE-74, CWE-77

EPSS

Exploitation probability (next 30 days): 0.0218 (2.2%)
Percentile: 84.4%
EPSS: 2026-05-06

Published: 28/4/2026, 1:16:02
Last modified: 29/4/2026, 1:00:01
