CVE-2026-7038

Sažetak

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Reference

https://github.com/tufantunc/ssh-mcp/
https://github.com/tufantunc/ssh-mcp/issues/42
https://vuldb.com/submit/798525
https://vuldb.com/vuln/359618
https://vuldb.com/vuln/359618/cti

CVSS

Base:	1.7
Impact:	2.9
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

26-04-2026 - 12:16

Objavljeno

26-04-2026 - 12:16