CVE-2026-7215

MEDIUM EPSS 67.7%

Published Apr 28, 20262mo ago · Modified Jun 17, 20261w ago

5.5 CVSS 4.0

Medium

Published Apr 28, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

A security flaw has been discovered in egtai gmx-vmd-mcp up to 0.1.0. This issue affects the function launch_vmd_gui_tool of the file mcp_server.py of the component VMD Launch Handler. The manipulation of the argument structure_file/trajectory_file results in command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Details

Base Score

5.5

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

67.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-74

CWE-77 Command Injection Injection

References 5

github.com https://github.com/egtai/gmx-vmd-mcp/
github.com https://github.com/egtai/gmx-vmd-mcp/issues/2
vuldb.com https://vuldb.com/submit/802087
vuldb.com https://vuldb.com/vuln/359815
vuldb.com https://vuldb.com/vuln/359815/cti

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.