Description
A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to version 1.0.4. Affected is the function open_image_in_browser in the file src/index.ts of the component MCP Interface. Manipulation of the argument imageUrl leads to OS command injection. The attack can be carried out remotely. An exploit has been released to the public and may be used in attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-02
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an OS command injection in the open_image_in_browser function of r-huijts' rijksmuseum-mcp server. By manipulating the imageUrl argument, an attacker can execute arbitrary operating-system commands on the host, thereby compromising its confidentiality, integrity and availability. The flaw is a classic input-validation failure (CWE-77, CWE-78).

Affected Systems

Any instance of r-huijts mcp-server-rijksmuseum up to and including version 1.0.4 is affected. The vulnerable code resides in the MCP Interface's image opener located in src/index.ts.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate base severity, yet the flaw is exploitable remotely via the web interface and a public exploit has already been released, signaling real-world threat potential. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog. The attack is inferred to occur through a crafted imageUrl request sent to the open_image_in_browser endpoint, enabling remote command execution.

Generated by OpenCVE AI on May 2, 2026 at 16:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a release of r-huijts mcp-server-rijksmuseum that contains the fix once one is available; the maintainers have not yet published a specific patch, so look for versions released after the issue was reported.
  • If an upgrade is not immediately possible, restrict or disable the open_image_in_browser endpoint so that it cannot be reached by untrusted parties.
  • Implement server-side input validation that rejects or sanitizes imageUrl values containing shell metacharacters, in accordance with CWE-77 and CWE-78 best practices.

Generated by OpenCVE AI on May 2, 2026 at 16:20 UTC.
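The validation the last recommendation calls for, as an added TypeScript example that is not code from the mcp-server-rijksmuseum project: imageUrl is parsed as an absolute http(s) URL and the opener is launched with execFile and an argument array rather than a shell command string. The function names, the protocol allowlist and the per-platform opener commands are assumptions.

```typescript
import { execFile } from "node:child_process";
// Added example, not the project's code; function names, the protocol
// allowlist and the per-platform opener commands are assumptions. No shell
// is involved, so metacharacters in imageUrl cannot start a second command.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Parse and validate imageUrl; returns the normalized URL or throws.
export function validateImageUrl(imageUrl: string): URL {
  let parsed: URL | null = null;
  try {
    parsed = new URL(imageUrl); // rejects relative strings and bare payloads
  } catch { /* reported below */ }
  if (parsed === null) throw new Error("imageUrl must be an absolute URL");
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    throw new Error(`imageUrl protocol not allowed: ${parsed.protocol}`);
  }
  // Defense in depth: the normalized href must be printable ASCII only
  if (!/^[\x21-\x7e]+$/.test(parsed.href)) {
    throw new Error("imageUrl contains unexpected characters");
  }
  return parsed;
}

// Select the platform opener; the URL is one argv element, never a shell string.
export function buildOpenCommand(
  imageUrl: string,
  platform: string = process.platform,
): { file: string; args: string[] } {
  const href = validateImageUrl(imageUrl).href;
  switch (platform) {
    case "darwin":
      return { file: "open", args: [href] };
    case "linux":
      return { file: "xdg-open", args: [href] };
    case "win32":
      // rundll32 avoids cmd.exe, whose "start" would re-parse metacharacters
      return { file: "rundll32", args: ["url.dll,FileProtocolHandler", href] };
    default:
      throw new Error(`unsupported platform: ${platform}`);
  }
}

// Hardened handler: execFile hands args straight to the program, bypassing a shell.
export function openImageInBrowser(imageUrl: string): Promise<void> {
  const { file, args } = buildOpenCommand(imageUrl);
  return new Promise((resolve, reject) => {
    execFile(file, args, (err) => (err ? reject(err) : resolve()));
  });
}
```

A URL such as https://www.example.org/a.jpg; id survives validation only as the single normalized argument https://www.example.org/a.jpg;%20id, which the opener receives as one argv entry.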

Advisories

No advisories yet.

History

Sat, 02 May 2026 15:45:00 +0000

Type        | Values removed | Values added
Description |                | A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function open_image_in_browser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title       |                | r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection
Weaknesses  |                | CWE-77, CWE-78
References  |                |
Metrics     |                | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
            |                | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
            |                | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
            |                | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-02T15:30:19.386Z

Reserved: 2026-05-01T18:11:19.689Z

Link: CVE-2026-7653

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-02T16:16:16.033

Modified: 2026-05-02T16:16:16.033

Link: CVE-2026-7653

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T16:30:46Z

Weaknesses