PT-2026-22811 · Fyodor Vaskovich+1 · Nmap+1

Yinci Chen · Published 2026-03-03 · Updated 2026-03-06 · CVE-2026-3484

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PhialsBasement nmap-mcp-server versions up to bee6d23547d57ae02460022f7c78ac0893092e38

Description

A command injection issue exists in the child_process.exec function within the Nmap CLI Command Handler component, located in the src/index.ts file. The issue can be exploited remotely. The product uses a rolling release system, and specific version information for affected or updated releases is not disclosed.

Recommendations

Apply patch 30a6b9e1c7fa6146f51e28d6ab83a2568d9a3488 to resolve this issue.
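
The general mitigation for this class of bug, as an added example (not the project's code and not the contents of the referenced patch): validate each user-supplied field against an allowlist, build an argument vector, and pass it to child_process.execFile so no shell ever parses the input. It goes one step beyond the description by also rejecting values that start with "-", which would otherwise be read by nmap as options even without a shell. The names buildNmapArgs and runNmap, the patterns and the flag allowlist are assumptions made for illustration.

```javascript
// Added example for Node.js. All names and allowlists here are hypothetical.

// Host names and IPv4 addresses: must start and end with an alphanumeric
// character, so a value can never begin with "-" and be parsed as an option.
const HOST = /^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$/;
// IPv4 network in CIDR notation, prefix length 0-32.
const CIDR = /^\d{1,3}(\.\d{1,3}){3}\/(3[0-2]|[12]?\d)$/;
// Port lists such as "22", "80-443" or "22,80-443".
const PORTS = /^\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*$/;
// Only these nmap options may be requested by a caller.
const SCAN_FLAGS = new Set(["-sT", "-sV", "-sn", "-Pn", "-F"]);

// Turn an untrusted request into an argv array, or throw.
function buildNmapArgs({ target, ports, flags = [] }) {
  if (typeof target !== "string" || !(HOST.test(target) || CIDR.test(target))) {
    throw new Error("rejected target");
  }
  const argv = [];
  for (const flag of flags) {
    if (!SCAN_FLAGS.has(flag)) throw new Error("rejected flag");
    argv.push(flag);
  }
  if (ports !== undefined) {
    if (typeof ports !== "string" || !PORTS.test(ports)) {
      throw new Error("rejected ports");
    }
    argv.push("-p", ports);
  }
  argv.push(target);
  return argv;
}

// Run nmap without a shell: execFile passes each argv element to the
// process as-is, so shell metacharacters have no special meaning.
async function runNmap(request) {
  const { execFile } = await import("node:child_process");
  const argv = buildNmapArgs(request);
  return new Promise((resolve, reject) => {
    execFile("nmap", argv, { timeout: 120000, maxBuffer: 4 * 1024 * 1024 },
      (err, stdout) => (err ? reject(err) : resolve(stdout)));
  });
}
```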

Exploit · Fix · RCE · Command Injection · Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2026-3484
GHSA-XC68-RRQC-QGQ3

Affected Products

Nmap
Nmap-Mcp-Server