Description
A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-26
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Credential Exposure
Action: Assess Impact
AI Analysis

Impact

The flaw in the Command Line Handler of ssh‑mcp exposes credentials because the src/index.ts file does not properly protect stored or transmitted credentials. An attacker who is able to execute commands locally can read these credentials, allowing unauthorized access to the SSH connections managed by the tool and potentially compromising the systems to which the connections are made.

Affected Systems

The vulnerable product is tufantunc’s ssh‑mcp, in all releases up to and including 1.5.0. No later versions are listed as fixed, and the project has yet to release a patch for this issue.

Risk and Exploitability

The CVSS base score of 4.8 assigns a medium severity, while the EPSS score of less than 1% indicates a very low likelihood of public exploitation at this time. The vulnerability is not currently catalogued in the CISA KEV database. The attack vector is limited to local execution; thus, a local attacker or one who gains local execution privileges can read the exposed credentials. Because the exploit source code is publicly available, the primary risk is the potential compromise of SSH credentials and subsequent unauthorized access to protected services.

Generated by OpenCVE AI on April 28, 2026 at 19:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and install any updated release of ssh‑mcp that fixes the credential protection issue, or apply a vendor‐supplied patch if available.
  • Restrict local execution of the ssh‑mcp command to trusted administrators only and enforce mandatory access controls such as SELinux or AppArmor to limit read access to the src/index.ts file and related configuration data.
  • Remove any hard‑coded credentials from src/index.ts or configuration files, replace them with secure credential stores or environment variables, and audit logs for unauthorized reads of credential data.

Generated by OpenCVE AI on April 28, 2026 at 19:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Tufantunc
Tufantunc ssh-mcp
Vendors & Products Tufantunc
Tufantunc ssh-mcp

Sun, 26 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Description A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title tufantunc ssh-mcp Command Line index.ts insufficiently protected credentials
Weaknesses CWE-522
References
Metrics cvssV2_0

{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Tufantunc Ssh-mcp
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-27T16:53:30.880Z

Reserved: 2026-04-25T15:46:42.629Z

Link: CVE-2026-7038

cve-icon Vulnrichment

Updated: 2026-04-27T16:53:22.355Z

cve-icon NVD

Status : Deferred

Published: 2026-04-26T12:16:23.373

Modified: 2026-04-27T18:50:06.087

Link: CVE-2026-7038

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T20:00:19Z

Weaknesses