CVE-2026-7590

Name of the Vulnerable Software and Affected Versions eyal-gor p 69 branch monkey mcp versions up to 69bc71874ce40050ef45fde5a435855f18af3373

Description An OS command injection flaw exists in the Preview Endpoint component within the file branch monkey mcp/bridge and local actions/routes/advanced.py. A remote attacker can exploit this by manipulating the dev script argument, allowing for the execution of arbitrary operating system commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the branch monkey mcp/bridge and local actions/routes/advanced.py file or avoid using the dev script argument in the Preview Endpoint.