A security vulnerability has been detected in Sunwood-ai-labs command-executor-mcp-server up to 0.1.0. This impacts the function execute_command of the file src…

A critical OS command injection vulnerability (CVE-2026-7593) has been identified in Sunwood-ai-labs command-executor-mcp-server up to version 0.1.0. The vulnerability affects the execute_command function in src/index.ts of the MCP Interface component. Remote exploitation is possible through manipulation leading to OS command injection. The exploit has been publicly disclosed and may be actively used. The project maintainers were notified through an issue report but have not yet responded to address the vulnerability.