CVE-2026-7061: A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown funct
highvulnerabilityLLM-Specific
security
Summary
A vulnerability (CVE-2026-7061) was found in Toowiredd chatgpt-mcp-server version 0.1.0 that allows OS command injection (running unauthorized system commands on a server through malicious input) in the MCP/HTTP component. The flaw can be exploited remotely by attackers, and public exploit code is already available, but the developers have not yet responded to the security report.
Vulnerability Details
CVSS Score
7.3(high)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
network
Attack Complexity
low
Privileges Required
none
User Interaction
none
Disclosure Date
April 26, 2026
Classification
Attack Type
Other
Attack SophisticationTrivial
Impact (CIA+S)
integrityavailability
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7061
First tracked: April 27, 2026 at 02:07 AM
Classified by LLM (prompt v3) · confidence: 75%