A remote OS command injection vulnerability (CVE-2026-7590) was identified in eyal-gor p_69_branch_monkey_mcp project up to commit 69bc71874ce40050ef45fde5a435855f18af3373. The vulnerability exists in the Preview Endpoint component, specifically in the advanced.py file, where manipulation of the dev_script argument leads to command injection. The attack can be launched remotely and exploits are publicly available. The project does not use versioning, making it difficult to determine affected releases. Despite early notification through an issue report, the project maintainer has not responded to the vulnerability disclosure.