Description
A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes OS command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-26
Score: 6.9 Medium
EPSS: 1.7% Low
KEV: No
Impact: Remote Command Execution
Action: Apply Patch
AI Analysis

Impact

A weakness in the Toowiredd chatgpt-mcp-server allows remote attackers to inject arbitrary operating-system commands through unvalidated input in the docker.service.ts component of the MCP/HTTP interface. The injection is triggered by crafted requests, allowing the attacker to execute any system command with the privileges of the running service. This results in remote code execution and compromises the confidentiality, integrity, and availability of the host system.

Affected Systems

The vulnerability affects Toowiredd chatgpt-mcp-server versions up to and including 0.1.0. No other vendors or product versions are reported as impacted.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. Nevertheless, a publicly available proof-of-concept exploit exists on GitHub, and the project has been notified but has not yet responded, so the risk remains unmitigated. The exploit can be carried out over the network via the exposed HTTP API, giving remote attackers arbitrary command execution. The vulnerability is not listed in CISA KEV, but its public exposure calls for immediate attention.

Generated by OpenCVE AI on April 28, 2026 at 05:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Toowiredd chatgpt-mcp-server to a fixed version as soon as it becomes available.
  • Restrict access to the MCP/HTTP endpoint so that only trusted IP addresses can reach it, and apply firewall rules to block unauthenticated traffic.
  • Limit the privileges of the Docker service or disable the endpoint path that processes user-supplied commands to prevent arbitrary command execution.


Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Toowiredd; Toowiredd chatgpt-mcp-server
Vendors & Products | | Toowiredd; Toowiredd chatgpt-mcp-server

Mon, 27 Apr 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 26 Apr 2026 22:15:00 +0000

Type | Values Removed | Values Added
Description | | A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes OS command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title | | Toowiredd chatgpt-mcp-server MCP/HTTP docker.service.ts OS command injection
Weaknesses | | CWE-77; CWE-78
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-27T16:38:22.537Z

Reserved: 2026-04-26T07:03:10.819Z

Link: CVE-2026-7061

Vulnrichment

Updated: 2026-04-27T16:38:03.413Z

NVD

Status : Deferred

Published: 2026-04-26T22:17:33.817

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7061

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T05:15:22Z

Weaknesses