CVE-2026-7443

Name of the Vulnerable Software and Affected Versions mcp-dnstwist versions prior to 1.0.5

Description A weakness in the MCP Interface component allows for remote OS command injection. The issue exists within the fuzz domain() function located in the src/index.ts file, where improper handling of the Request argument enables the execution of arbitrary operating system commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the fuzz domain() function to minimize the risk of exploitation.