CVE-2026-7443 | BurtTheCoder mcp-dnstwist up to 1.0.4 MCP Interface src/index.ts fuzz_domain Request os command injection

A vulnerability was found in BurtTheCoder mcp-dnstwist up to 1.0.4. It has been declared as critical. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection.

The identification of this vulnerability is CVE-2026-7443. The attack may be launched remotely. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7443 | BurtTheCoder mcp-dnstwist up to 1.0.4 MCP Interface src/index.ts fuzz_domain Request os command injection

Post correlati

CVE-2025-21612 | StarCitizenTools mediawiki-extensions-TabberNeue up to 2.7.1 TabberTransclude.php page name cross site scripting (GHSA-4x6x-8rm8-c37j)

CVE-2023-48791 | Fortinet FortiPortal up to 7.0.6/7.2.0 Schedule System Backup Page command injection (FG-IR-23-425)

CVE-2025-67892 | pkp pkp-lib Login csrfToken cross-site request forgery

CVE-2024-53136 | Linux Kernel up to 6.1.118/6.6.62/6.11.9 shmem_getattr deadlock