CVE-2026-7066— simple-openstack-mcp 命令注入漏洞

choieastsea simple-openstack-mcp server.py exec_openstack os command injection

A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

simple-openstack-mcp 命令注入漏洞

simple-openstack-mcp是choieastsea个人开发者的一款基于MCP的OpenStack命令执行工具。 simple-openstack-mcp存在命令注入漏洞，该漏洞源于server.py文件中exec_openstack函数的操作，可能导致os命令注入。

N/A

N/A