ArtMin96 yii2-mcp-server MCP index.ts yii_execute_command os command injection_CVE-2026-7600

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii_command_help/yii_execute_command of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-7600

Source VulDB

Published May 2, 2026 at 00:15

Affected Product

Vendor ArtMin96

Product yii2-mcp-server

Version 1.0.2

Affected Versions ArtMin96 yii2-mcp-server 1.0.2

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii_command_help/yii_execute_command of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-05-02T00:15:11.779Z",
    "modified": "2026-05-02T00:15:11.779Z",
    "type": "cve",
    "title": "ArtMin96 yii2-mcp-server MCP index.ts yii_execute_command os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360557\nhttps://vuldb.com/vuln/360557/cti\nhttps://vuldb.com/submit/805613\nhttps://github.com/ArtMin96/yii2-mcp-server/issues/3\nhttps://github.com/BruceJqs/public_exp/issues/29\nhttps://github.com/ArtMin96/yii2-mcp-server/",
    "id": "CVE-2026-7600",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "ArtMin96 yii2-mcp-server 1.0.2",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "yii2-mcp-server",
    "version": "1.0.2",
    "vendor": "ArtMin96",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}