CVE-2026-7443: BurtTheCoder mcp-dnstwist OS Command Injection
The National Vulnerability Database has detailed CVE-2026-7443, a high-severity OS command injection vulnerability impacting BurtTheCoder’s mcp-dnstwist tool, specifically versions up to 1.0.4. The flaw resides within the fuzz_domain function of the src/index.ts file, a component of the MCP Interface. An attacker can remotely trigger this vulnerability by manipulating the Request argument.
This is not a theoretical threat. The exploit has been publicly released, so attackers can use it immediately. The project maintainers were notified via an issue report but, according to the National Vulnerability Database, have yet to respond. That leaves users exposed to a high-severity vulnerability with a CVSS score of 7.3.
Organizations utilizing mcp-dnstwist are at significant risk. An OS command injection allows an attacker to execute arbitrary commands on the underlying system, potentially leading to full system compromise, data exfiltration, or further network penetration. The attacker’s calculus here is straightforward: exploit an unpatched, publicly known vulnerability for direct system access.
What This Means For You
- If your organization uses BurtTheCoder mcp-dnstwist, specifically versions up to 1.0.4, you are immediately vulnerable to remote code execution, and the exploit is public. Audit your systems for mcp-dnstwist installations and disable or isolate them until a patch is available. Prioritize this work: OS command injection is a critical attack vector.
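
The audit step above, as an added example (not code from mcp-dnstwist or from the advisory): a Node.js scan of a directory tree for installed copies at or below version 1.0.4. It assumes the tool's `package.json` carries the name `mcp-dnstwist`; the function and constant names are illustrative.

```javascript
// Added example: inventory check, not part of mcp-dnstwist itself.
const fs = require('fs');
const path = require('path');

const PACKAGE_NAME = 'mcp-dnstwist'; // assumption: "name" in the tool's package.json
const LAST_AFFECTED = '1.0.4';       // from the advisory: versions up to 1.0.4

// Compare dotted numeric versions. Pre-release/build suffixes are dropped and a
// missing or non-numeric part counts as 0, which errs towards reporting.
function compareVersions(a, b) {
  const parse = (v) => String(v).split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
  const x = parse(a), y = parse(b);
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

const isAffected = (version) => compareVersions(version, LAST_AFFECTED) <= 0;

// Walk `root` (symlinks are not followed) and report each matching package.json.
function findInstallations(root) {
  const hits = [];
  const stack = [root];
  while (stack.length > 0) {
    const dir = stack.pop();
    let entries = [];
    try { entries = fs.readdirSync(dir, { withFileTypes: true }); } catch { continue; }
    for (const e of entries) {
      if (e.isDirectory()) { stack.push(path.join(dir, e.name)); continue; }
      if (!e.isFile() || e.name !== 'package.json') continue;
      try {
        const pkg = JSON.parse(fs.readFileSync(path.join(dir, e.name), 'utf8'));
        if (pkg.name === PACKAGE_NAME) {
          hits.push({ dir, version: pkg.version, affected: isAffected(pkg.version) });
        }
      } catch { /* unreadable or malformed package.json: skip */ }
    }
  }
  return hits;
}

// Usage: node audit.js /path/to/scan
if (process.argv[2]) console.table(findInstallations(process.argv[2]));
```

The scan only sees copies unpacked on disk under the given root; container images and hosts that fetch the tool at run time need their own check.
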
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7443 | Command Injection | BurtTheCoder mcp-dnstwist up to 1.0.4 |
| CVE-2026-7443 | Command Injection | Vulnerable function: fuzz_domain in src/index.ts |
| CVE-2026-7443 | Command Injection | Vulnerable component: MCP Interface |
| CVE-2026-7443 | Command Injection | Attack vector: manipulation of the argument Request leading to OS command injection |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 30, 2026 at 02:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.