INCIDENT

MCP - Critical OS command injection vulnerability (CVE-2026-706...

Critical OS command injection vulnerability (CVE-2026-7066, CVSS 7.3) discovered in simple-openstack-mcp with public exploit available and no vendor patch.

Updated: 4/30/2026

critical Severity

Status: active

Description

🚨 HIGH: CVE-2026-7066 (CVSS 7.3) - OS Command Injection in choieastsea simple-openstack-mcp. Remote exploit publicly available. Affects server[.]py exec_openstack function. No vendor response yet. #CVE #PatchNow https://t.co/uEVulPGpk5

Impact

Critical OS command injection vulnerability (CVE-2026-7066, CVSS 7.3) discovered in simple-openstack-mcp with public exploit available and no vendor patch.

MCP - Critical OS command injection vulnerability (CVE-2026-706...

Description

Impact

Attack Vectors

Mitigation

Sources