Description
A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in OS command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-26
Score: 6.9 Medium
EPSS: 2.1% Low
KEV: No
Impact: Remote Code Execution via OS command injection
Action: Assess Impact
AI Analysis

Impact

The vulnerability resides in the exec_openstack function of server.py and allows an attacker to inject arbitrary OS commands. This form of command injection directly leads to remote code execution, compromising confidentiality, integrity, and availability of the affected system. The weakness is classified as CWE-77 and CWE-78, representing command injection and OS command injection respectively.

Affected Systems

The product impacted is choieastsea simple-openstack-mcp; any build up to commit 767b2f4a8154cca344344b9725537a58399e6036 is vulnerable. Because the project uses rolling releases and does not publish definitive version numbers, every deployment that incorporates code up to that commit is at risk.

Risk and Exploitability

With a CVSS score of 6.9, the vulnerability is considered medium severity. The EPSS score of 1% indicates that exploitation, while possible, is not presently common; the public availability of the exploit nonetheless raises the likelihood of targeted attacks. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote access to the exposed exec_openstack endpoint, presumably through a management API exposed over HTTP, which lets an unauthenticated caller trigger arbitrary command execution. The flaw has been disclosed publicly, making it actionable for adversaries.

Generated by OpenCVE AI on April 28, 2026 at 19:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest repository commit after the issue is resolved or obtain a patched release from the vendor.
  • Restrict or disable the exec_openstack endpoint, ensuring it is protected behind strict access controls and only accessible by trusted administrative users.
  • Sanitize all user-supplied parameters before passing them to the OS command layer, using whitelists or safe execution libraries to eliminate injection vectors.
  • If an immediate fix is unavailable, isolate the service from public networks or place a firewall rule to block external access to the vulnerable API endpoints.
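As an added, defensive illustration of the "restrict the endpoint" and "sanitize parameters" recommendations above, the following wrapper allowlists OpenStack subcommands and never hands user input to a shell. This is example code written for this page, not the simple-openstack-mcp project's code, and it does not reproduce the project's exec_openstack; it assumes the tool receives a free-form command string such as "server list --format json" and must invoke the openstack binary.

```python
from __future__ import annotations

import re
import shlex
import subprocess

# Assumption: the tool only needs read-only operations, so only these
# (resource, action) pairs may ever reach the openstack binary.
ALLOWED_COMMANDS = {
    ("server", "list"), ("server", "show"),
    ("image", "list"), ("network", "list"),
}
# Every remaining argument must be a plain token; shell metacharacters
# such as ; | & $ ( ) and backticks are rejected outright.
SAFE_TOKEN = re.compile(r"^[A-Za-z0-9._:/=-]+$")


class RejectedCommand(ValueError):
    """Request is not on the allowlist or carries an unsafe token."""


def build_openstack_argv(command: str) -> list[str]:
    """Turn a user-supplied command string into an argv list for subprocess.

    shlex gives shell-like quoting semantics without ever running a shell.
    """
    try:
        tokens = shlex.split(command)
    except ValueError as exc:  # e.g. unterminated quote
        raise RejectedCommand(f"unparseable command: {exc}") from exc
    if len(tokens) < 2:
        raise RejectedCommand("expected '<resource> <action> [options]'")
    if (tokens[0], tokens[1]) not in ALLOWED_COMMANDS:
        raise RejectedCommand(f"command not allowed: {tokens[0]} {tokens[1]}")
    for tok in tokens[2:]:
        if not SAFE_TOKEN.match(tok):
            raise RejectedCommand(f"unsafe argument: {tok!r}")
    return ["openstack", *tokens]


def is_allowed(command: str) -> bool:
    """True if the command would pass validation (used for tests/auditing)."""
    try:
        build_openstack_argv(command)
        return True
    except RejectedCommand:
        return False


def exec_openstack_safe(command: str, timeout: float = 30.0) -> subprocess.CompletedProcess:
    """Run an allowlisted command with shell=False: argv goes straight to exec."""
    argv = build_openstack_argv(command)
    return subprocess.run(argv, capture_output=True, text=True, timeout=timeout, check=False)
```

Rejected requests should also be logged with the caller identity, since a stream of RejectedCommand errors against this endpoint is a useful detection signal.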

Generated by OpenCVE AI on April 28, 2026 at 19:56 UTC.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type: First Time appeared
  Values Added: Choieastsea; Choieastsea simple-openstack-mcp
Type: Vendors & Products
  Values Added: Choieastsea; Choieastsea simple-openstack-mcp

Mon, 27 Apr 2026 17:15:00 +0000

Type: Metrics
  Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 26 Apr 2026 23:30:00 +0000

Type: Description
  Values Added: A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function exec_openstack of the file server.py. The manipulation results in OS command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Type: Title
  Values Added: choieastsea simple-openstack-mcp server.py exec_openstack os command injection
Type: Weaknesses
  Values Added: CWE-77; CWE-78
Type: References
Type: Metrics
  Values Added:
    cvssV2_0 {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
    cvssV3_0 {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-27T16:04:55.804Z

Reserved: 2026-04-26T07:14:50.991Z

Link: CVE-2026-7066

Vulnrichment

Updated: 2026-04-27T16:04:50.910Z

NVD

Status : Deferred

Published: 2026-04-27T00:16:20.693

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7066

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T20:00:19Z

Weaknesses