OS Command Injection Vulnerability in Eyal-Gor p_69_branch_monkey_mcp Component
CVE-2026-7590

6.9 MEDIUM

Key Information:

Vendor: Eyal-gor
CVE Published: 1 May 2026

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2026-7590?

A critical OS command injection vulnerability exists in the Eyal-Gor p_69_branch_monkey_mcp component, in the Preview Endpoint's advanced.py file. By manipulating the 'dev_script' argument, a remote attacker can execute arbitrary commands on the host system. The issue reflects inadequate input validation, and the project's lack of versioning makes it difficult to determine which versions are affected. The project maintainers have been notified of this vulnerability but have not yet taken action or provided a fix.

Affected Version(s)

p_69_branch_monkey_mcp 69bc71874ce40050ef45fde5a435855f18af3373

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

LargeW (VulDB User)
VulDB CNA Team