choieastsea simple-openstack-mcp OS Command Injection Vulnerability (CVE-2026-7066)

A critical vulnerability, identified as CVE-2026-7066, has been discovered in choieastsea simple-openstack-mcp up to version 767b2f4a8154cca344344b9725537a58399e6036. This vulnerability resides within the exec_openstack function of the server.py file. Due to insufficient input sanitization, a remote attacker can inject arbitrary OS commands. The exploit is publicly available, increasing the risk of exploitation. The vendor utilizes rolling releases, so specific affected versions are difficult to pinpoint. The project has been notified of the vulnerability but has not yet addressed it. This vulnerability poses a significant risk to systems running the affected software.

Attack Chain

1. The attacker identifies a vulnerable instance of choieastsea simple-openstack-mcp running a version up to 767b2f4a8154cca344344b9725537a58399e6036.
2. The attacker crafts a malicious HTTP request targeting the server.py endpoint responsible for handling exec_openstack function calls.
3. Within the HTTP request, the attacker injects OS commands into a parameter that is processed by the exec_openstack function without proper sanitization.
4. The server.py script receives the crafted request and passes the attacker-controlled input directly to a shell interpreter, such as os.system() or subprocess.Popen().
5. The injected OS commands are executed with the privileges of the user running the simple-openstack-mcp application.
6. The attacker gains arbitrary code execution on the server, allowing them to perform actions such as installing malware, creating new user accounts, or accessing sensitive data.
7. The attacker may then use the compromised server as a pivot point to further compromise the internal network.

Impact

Successful exploitation of CVE-2026-7066 allows a remote attacker to execute arbitrary OS commands on the affected system. This can lead to full system compromise, data theft, and potential disruption of services. Given the nature of OpenStack environments, this could impact multiple virtual machines and cloud resources.

Recommendation

• Examine web server logs for requests targeting server.py with unusual parameters or command-like syntax, which can indicate exploitation attempts. Implement the first Sigma rule provided.
• Deploy the second Sigma rule to detect suspicious processes spawned by the web server that may be the result of command injection.
• Monitor network connections originating from the server running simple-openstack-mcp for unusual outbound traffic to external IPs which might signal data exfiltration or C2 communication after a successful exploit using the third Sigma rule.
• Apply input validation and sanitization to the exec_openstack function within server.py to prevent command injection.
• While specific patch information is unavailable, closely monitor the choieastsea simple-openstack-mcp project for updates addressing CVE-2026-7066.