CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-55786

highCVSS 8.4covered by 1 sourcefirst seen 2026-07-06
Unauthenticated Command Execution via HTTP MCP execute_module Summary The HTTP MCP endpoint (POST /mcp) in flyto-core accepts unauthenticated JSON-RPC tools/call requests and dispatches them to arbitrary registered modules, including sandbox.execute_shell, which passes attacker-controlled input directly to asyncio.create_subprocess_shell. An unauthenticated attacker can execute arbitrary OS commands as the flyto-core server process. By default the server binds to 127.0.0.1, making this a High-severity local vulnerability (CVSS 8.4); if started with --host 0.0.0.0, it becomes remotely exploitable over the network. Dynamic reproduction confirmed command execution as root inside a Docker container without any Authorization header. Details flyto-core exposes an HTTP API via FastAPI. When the API is started (flyto serve), the MCP router is unconditionally mounted at /mcp (src/core/api/server.py:75-78). The route handler at src/core/api/routes/mcp.py:65-66 declares @router.post("") with no Depends(require_auth) dependency, unlike the analogous REST execution routes (src/core/api/routes/modules.py:93) which enforce both authentication and a module denylist. The complete unauthenticated data flow from source to sink: 1. src/core/api/server.py:75-78 — mcp_router is mounted under /mcp unconditionally at app creation. 2. src/core/api/routes/mcp.py:65-66 — @router.post("") has no Depends(require_auth) guard; any HTTP client may POST to this route. 3. src/core/api/routes/mcp.py:79 — the full request body (attacker-controlled JSON) is parsed without validation. 4. src/core/api/routes/mcp.py:103-104 — each JSON-RPC item is forwarded to handle_jsonrpc_request without a module_filter. 5. **src/core/mcp_handler.py:813-838** — tools/call with name execute_module forwards attacker-controlled module_id and params to execute_module(). 6. **src/core/mcp_handler.py:180, 214-215** — the

⚡ Watch CVE-2026-55786

Get an email if CVE-2026-55786 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-55786

CVE.org record

Embed the live status

CVE-2026-55786 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-55786 status](https://www.csirts.com/badge/CVE-2026-55786)](https://www.csirts.com/cve/CVE-2026-55786)