CVE-2026-2008: Code Injection in abhiphile fermat-mcp
A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqn_chart of the file fmcp/mpl_mcp/core/eqn_chart.py. Performing a manipulation of the argument equations results in code injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This product uses a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
CVE-2026-2008 identifies a code injection vulnerability in the abhiphile fermat-mcp software, affecting the eqn_chart function within the fmcp/mpl_mcp/core/eqn_chart.py source file. The vulnerability arises from improper handling and sanitization of the 'equations' argument, which can be manipulated remotely to inject malicious code. This flaw allows attackers to execute arbitrary code on the affected system without requiring authentication or user interaction, leveraging network access to the vulnerable service. The fermat-mcp project employs a rolling release model, complicating version tracking and patch management, and as of the vulnerability disclosure, no official patch or response has been issued by the maintainers. The vulnerability has a CVSS 4.0 score of 5.3, indicating a medium severity level due to its network attack vector, low attack complexity, and lack of required privileges or user interaction, but with limited impact on confidentiality, integrity, and availability. The public availability of exploit code increases the urgency for organizations to assess and mitigate this risk promptly.
Potential Impact
The primary impact of CVE-2026-2008 is the potential for remote code execution on systems running vulnerable versions of fermat-mcp, which could lead to unauthorized control over affected systems. This can compromise system confidentiality, integrity, and availability, enabling attackers to execute arbitrary commands, deploy malware, or pivot within networks. Since fermat-mcp is a specialized software component, organizations relying on it for critical operations may face service disruptions, data breaches, or further compromise. The lack of authentication and user interaction requirements lowers the barrier for exploitation, increasing the risk of automated attacks. The rolling release nature of the product complicates patch deployment, potentially prolonging exposure. While no widespread exploitation is currently reported, the public exploit availability suggests that opportunistic attackers may target vulnerable deployments, especially in environments where fermat-mcp is integrated into larger systems.
Mitigation Recommendations
Organizations should immediately audit their environments to identify deployments of abhiphile fermat-mcp, particularly those using versions up to commit 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. Given the absence of an official patch, temporary mitigations include implementing strict input validation and sanitization on any interfaces accepting 'equations' arguments to prevent injection. Network-level controls such as firewall rules or segmentation should restrict access to the vulnerable service to trusted hosts only. Monitoring and logging of suspicious input patterns or anomalous execution behaviors related to eqn_chart function calls can aid early detection. Organizations should engage with the fermat-mcp maintainers or community to track patch releases and apply updates promptly once available. Additionally, consider deploying application-layer firewalls or runtime application self-protection (RASP) solutions that can detect and block code injection attempts. Finally, incorporate this vulnerability into incident response plans to prepare for potential exploitation scenarios.
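One way to apply the input-validation mitigation above is to check each equation string against an allow-list before it reaches the charting code. This is an added example, not fermat-mcp's own code. It assumes equations arrive as Python-syntax expressions in a single variable x, and the function names check_equation and filter_equations and the allow-lists are hypothetical.

```python
import ast

# Assumed policy for illustration (not taken from fermat-mcp): one variable,
# two constants and a handful of math functions.
ALLOWED_VARS = {"x", "pi", "e"}
ALLOWED_FUNCS = {"sin", "cos", "tan", "exp", "log", "sqrt", "abs"}
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Constant, ast.Name, ast.Load,
    ast.Call, ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Pow, ast.USub, ast.UAdd,
)
MAX_LEN = 200  # bounds parser work per equation


def check_equation(text):
    """Return (ok, reason). Only the syntax tree is inspected; nothing is evaluated."""
    if not isinstance(text, str) or len(text) > MAX_LEN:
        return False, "not a string or too long"
    try:
        tree = ast.parse(text.strip(), mode="eval")
    except (SyntaxError, ValueError, RecursionError, MemoryError):
        return False, "not a single expression"
    nodes = list(ast.walk(tree))
    callees = {id(n.func) for n in nodes if isinstance(n, ast.Call)}
    for node in nodes:
        if not isinstance(node, ALLOWED_NODES):
            return False, "disallowed syntax: " + type(node).__name__
        if isinstance(node, ast.Constant) and (
            isinstance(node.value, bool) or not isinstance(node.value, (int, float))
        ):
            return False, "non-numeric literal"
        if isinstance(node, ast.Call) and (
            not isinstance(node.func, ast.Name) or node.keywords
        ):
            return False, "call target must be a bare name without keywords"
        if isinstance(node, ast.Name):
            # Function names are valid only as the callee; variables only as values.
            allowed = ALLOWED_FUNCS if id(node) in callees else ALLOWED_VARS
            if node.id not in allowed:
                return False, "name not allow-listed: " + node.id
    return True, "ok"


def filter_equations(equations):
    """Split equation strings into (accepted, [(rejected, reason), ...])."""
    accepted, rejected = [], []
    for eq in equations:
        ok, reason = check_equation(eq)
        (accepted if ok else rejected).append(eq if ok else (eq, reason))
    return accepted, rejected
```

Rejected entries and their reasons are worth logging, since they are the suspicious input patterns the monitoring recommendation refers to. Accepted strings are only syntactically constrained, so the consumer should still evaluate them with a purpose-built evaluator and bound the cost of operations such as exponentiation.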
Affected Countries
United States, Germany, India, United Kingdom, Canada, Australia, France, Japan, Netherlands, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-05T19:19:33.938Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 698594fdf9fa50a62fe4ff60
Added to database: 2/6/2026, 7:15:09 AM
Last enriched: 2/23/2026, 10:04:50 PM
Last updated: 3/21/2026, 9:13:01 PM