CVE-2026-7211: dvladimirov MCP Command Injection Vulnerability
The National Vulnerability Database has identified CVE-2026-7211, a high-severity command injection vulnerability (CVSS 7.3) in dvladimirov MCP up to version 0.1.0. The flaw resides within the GitSearchRequest function of the mcp_server.py file, specifically within the Git Search API component. Attackers can remotely exploit this by manipulating the repo_url or pattern arguments.
This isn’t a theoretical issue; an exploit for CVE-2026-7211 is publicly available, meaning active exploitation is a tangible threat. The project maintainers were reportedly informed via an issue report but have not yet responded, leaving users exposed to a critical flaw that grants attackers command execution capabilities.
For defenders, this is a clear and present danger. Unpatched instances of dvladimirov MCP are ripe for compromise. The remote nature of the attack, coupled with public exploit code, dramatically lowers the barrier to entry for threat actors. Expect to see this leveraged in initial access attempts against organizations using this component.
What This Means For You
- If your organization uses dvladimirov MCP, specifically version 0.1.0 or earlier, you are at high risk of remote command injection. This isn't a 'wait and see' situation. Immediately identify all instances of dvladimirov MCP within your environment. If no patch is available, isolate or disable the affected Git Search API component, or ideally, remove the software until a fix is released. Failure to act means leaving a critical remote execution backdoor wide open.
🛡️ Detection Rules
```yaml
title: 'CVE-2026-7211: dvladimirov MCP Git Search API Command Injection'
id: scw-2026-04-28-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-7211 by targeting the Git Search API in dvladimirov MCP. The rule looks for requests to the '/git/search' endpoint with 'repo_url' and 'pattern' parameters that contain characters indicative of command injection, such as semicolons, pipes, or backticks, which are used to execute arbitrary commands.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7211/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  # Three named selections: repeating the cs-uri-query key inside one map is a
  # duplicate YAML key, so only one of the two lists would be evaluated.
  selection_endpoint:
    cs-uri|contains:
      - '/git/search'
  selection_params:
    cs-uri-query|contains:
      - 'repo_url='
      - 'pattern='
  selection_metachars:
    cs-uri-query|contains:
      - ';'
      - '|'
      - '&&'
      - '||'
      - '`'
      - '$('   # was '$()', which only matches an empty command substitution
  condition: all of selection_*
falsepositives:
  - Legitimate administrative activity
```
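The rule above matches raw characters anywhere in the query string, while access logs often record the query percent-encoded. The following added example (not part of the original post and not the project's code) decodes the query and checks only `repo_url` and `pattern`. It assumes, as the rule does, that the parameters arrive in the query string; the names `findings` and `scan` are hypothetical and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/git/search"           # endpoint named in the rule above
WATCHED = {"repo_url", "pattern"}  # parameters named in the advisory
# Metacharacters from the rule, matched against the URL-decoded value.
METACHARS = re.compile(r"&&|\|\||\$\(|[;|`]")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (Common Log Format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Apr/2026:05:00:01 +0000] "GET /git/search?'
    'repo_url=https%3A%2F%2Fexample.invalid%2Fr.git&pattern=TODO HTTP/1.1" 200 512',
    '203.0.113.9 - - [28/Apr/2026:05:00:07 +0000] "GET /git/search?'
    'repo_url=https%3A%2F%2Fexample.invalid%2Fr.git%3Becho%20constructed'
    '&pattern=x HTTP/1.1" 200 40',
    '198.51.100.7 - - [28/Apr/2026:05:01:13 +0000] "GET /git/search?'
    'repo_url=https%3A%2F%2Fexample.invalid%2Fr.git&pattern=foo%7Cbar HTTP/1.1" 200 77',
    '198.51.100.7 - - [28/Apr/2026:05:01:20 +0000] "GET /docs?q=a;b HTTP/1.1" 200 10',
]


def findings(request_target):
    """Return sorted (parameter, metacharacter) pairs for one request target."""
    parts = urlsplit(request_target)
    if not parts.path.rstrip("/").endswith(ENDPOINT):
        return []
    hits = set()
    # parse_qsl percent-decodes, so '%3B' and ';' are treated alike. A raw
    # '&&' ends the parameter, so only an encoded '%26%26' reaches a value.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED:
            hits.update((name, m) for m in METACHARS.findall(value))
    return sorted(hits)


def scan(lines):
    """Yield (line_number, findings) for log lines with at least one finding."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match and (found := findings(match.group(1))):
            yield number, found


if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(number, found)
```

A `|` reported for `pattern` can be ordinary regex alternation in a search term, so treat that pair as a triage candidate and weigh hits on `repo_url` more heavily.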
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7211 | Command Injection | dvladimirov MCP up to 0.1.0 |
| CVE-2026-7211 | Command Injection | mcp_server.py:GitSearchRequest function |
| CVE-2026-7211 | Command Injection | Manipulation of argument repo_url/pattern |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 28, 2026 at 04:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.