CVE-2026-7064 - Vulnerability Details

- AgentDeskAI browser-tools-mcp browser-connector.ts os command injection

Description

A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-04-26

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw resides in the browser-connector.ts module of AgentDeskAI browser-tools-mcp, affecting versions up to 1.2.0. Unvalidated input in an unknown processing routine allows an attacker to inject operating–system commands, resulting in remote command execution. The vulnerability is classified under CWE-77 and CWE-78 and the exploit can be triggered from a remote location. The exploit has been published and may already be used in attacks. EPSS indicates a very low exploitation probability (<1%) and the vulnerability is not listed in CISA KEV.

Affected Systems

AgentDeskAI’s browser-tools-mcp package, specifically any deployment of the browser-tools-mcp component no newer than version 1.2.0. No further sub‑product or version details are available beyond the overall package name.

Risk and Exploitability

The CVSS score of 6.9 places the flaw in the high‑to‑moderate severity range, meaning a successful exploit would grant the attacker full control over system commands. The very low EPSS suggests that attacks are currently rare, yet the presence of a publicly available exploit introduces a real threat. Because the vulnerability can be triggered from remote connections, the risk remains significant until a patch is applied or mitigated. The lack of a KEV listing indicates that the vulnerability is not actively tracked as a high‑profile threat, but it still warrants timely action.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

AgentDeskAI

browser-tools-mcp

affected

Version	Status	Constraints
`1.0`	affected	—
`1.1`	affected	—
`1.2.0`	affected	—

No data.

Vendor Product Confidence Versions

Agentdeskai

Browser-tools-mcp

100%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—
`1.1`	affected	generic	—
`1.2.0`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade AgentDeskAI browser-tools-mcp to a non‑affected version (1.2.1 or later) as soon as the vendor releases a fix.
If an upgrade is not immediately possible, block or remove access to the browser-connector.ts component from external inputs to prevent exploitation.
Implement input validation or operating‑system command whitelisting around the vulnerable routines to mitigate command injection risk.
Monitor system logs for anomalous command execution and alert on suspicious activity.

Generated by OpenCVE AI on April 28, 2026 at 05:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0049.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/AgentDeskAI/browser-tools-mcp/
https://github.com/AgentDeskAI/browser-tools-mcp/issues/232
https://vuldb.com/submit/798616
https://vuldb.com/vuln/359639
https://vuldb.com/vuln/359639/cti

History

Mon, 27 Apr 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Agentdeskai Agentdeskai browser-tools-mcp
Vendors & Products		Agentdeskai Agentdeskai browser-tools-mcp

Mon, 27 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 26 Apr 2026 23:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead to os command injection. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title		AgentDeskAI browser-tools-mcp browser-connector.ts os command injection
Weaknesses		CWE-77 CWE-78
References		https://github.com/AgentDeskAI/browser-tools-mcp/ https://github.com/AgentDeskAI/browser-tools-mcp/issues/232 https://vuldb.com/submit/798616 https://vuldb.com/vuln/359639 https://vuldb.com/vuln/359639/cti
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Agentdeskai Browser-tools-mcp

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-26T22:45:12.530Z

Updated: 2026-04-27T13:30:40.351Z

Reserved: 2026-04-26T07:10:46.427Z

Link: CVE-2026-7064

Vulnrichment

Updated: 2026-04-27T13:13:01.524Z

NVD

Status : Deferred

Published: 2026-04-26T23:16:21.907

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7064

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T05:15:22Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object