CVE-2026-7220— jackwrichards FastlyMCP fastly_cli Tool fastly-mcp.mjs os command injection

jackwrichards FastlyMCP fastly_cli Tool fastly-mcp.mjs os command injection

A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastly_cli Tool. The manipulation of the argument command leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

FastlyMCP 命令注入漏洞

FastlyMCP是Jack Richards个人开发者的一个通过API管理CDN服务的AI助手工具。 FastlyMCP存在命令注入漏洞，该漏洞源于fastly_cli Tool组件中fastly-mcp.mjs文件的command参数存在os命令注入，可能导致远程攻击。

N/A

N/A