PT-2026-35273 · Choieastsea · Simple-Openstack-Mcp

Mida

Published

2026-04-26

Updated

2026-04-30

CVE-2026-7066

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions choieastsea simple-openstack-mcp versions prior to 767b2f4a8154cca344344b9725537a58399e6036

Description An OS command injection flaw exists that allows remote attackers to execute arbitrary commands. The issue is located within the exec openstack() function of the server.py file. This flaw is currently under active exploitation.

Recommendations Remove the package immediately. As a temporary workaround, consider restricting the use of the exec openstack() function until a patch is available.

Exploit

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

CVE-2026-7066

Affected Products

Simple-Openstack-Mcp

PT-2026-35273 · Choieastsea · Simple-Openstack-Mcp

CVE-2026-7066

Weakness Enumeration

Related Identifiers

Affected Products

References · 10