CVE-2026-7039 | tufantunc ssh-mcp up to 1.5.0 src/index.ts shell.write Description command injection (Issue 44)

Inserito da Angelo Barbosa | Apr 25, 2026 | CVE

A vulnerability classified as critical was found in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection.

This vulnerability is listed as CVE-2026-7039. The attack must be carried out locally. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7039 | tufantunc ssh-mcp up to 1.5.0 src/index.ts shell.write Description command injection (Issue 44)

Post correlati

CVE-2024-10027 | WP Booking Calendar Plugin up to 10.6.2 on WordPress Setting cross site scripting

CVE-2025-9650 | yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3 AppFileUtils.java removeFileByPath carimg path traversal

CVE-2024-57514 | TP-Link Archer A20 v3 1.0.6 Build 20231011 rel.85717(5553) cross site scripting

CVE-2024-11941 | Drupal up to 10.1.7/10.2.1 infinite loop (sa-core-2024-001)