CVE-2026-2130 identifies a command injection vulnerability in the mcp-maigret product developed by BurtTheCoder, affecting all versions from 1.0.0 through 1.0.12. The vulnerability resides in the search_username component within the source file src/index.ts, where the Username argument is improperly sanitized or validated. This flaw allows an attacker to inject and execute arbitrary system commands remotely by manipulating the Username input parameter. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), no privileges (PR:L) but some limited privileges are needed, no user interaction (UI:N), and results in low confidentiality, integrity, and availability impacts (VC:L, VI:L, VA:L). The vulnerability does not require user interaction and can be exploited remotely, increasing its risk profile. The issue is addressed in version 1.0.13 by a patch identified as b1ae073c4b3e789ab8de36dc6ca8111ae9399e7a, which properly sanitizes the input to prevent command injection. Although no known exploits have been reported in the wild, the nature of command injection vulnerabilities makes this a significant risk if left unpatched. The CVSS v4.0 base score is 5.3, categorizing it as medium severity. The vulnerability's exploitation could allow attackers to execute arbitrary commands on affected systems, potentially leading to unauthorized data access, system compromise, or service disruption.

For European organizations, the impact of CVE-2026-2130 could be substantial if mcp-maigret is integrated into critical infrastructure or business processes. Successful exploitation could lead to unauthorized command execution, allowing attackers to manipulate or exfiltrate sensitive data, disrupt services, or pivot within networks. This could affect confidentiality, integrity, and availability of systems running the vulnerable software. Organizations in sectors such as technology, telecommunications, and government that rely on mcp-maigret for username search or related functionalities may face operational disruptions or data breaches. The remote exploitability without user interaction increases the risk of automated attacks or wormable scenarios. Although no active exploits are reported, the vulnerability's presence in a publicly known component could attract attackers targeting European entities, especially those with limited patch management capabilities.

European organizations should immediately upgrade all instances of BurtTheCoder mcp-maigret to version 1.0.13 or later, which contains the official patch addressing the command injection vulnerability. In addition to patching, organizations should implement strict input validation and sanitization controls on all user-supplied data, particularly in components handling usernames or other external inputs. Network-level protections such as web application firewalls (WAFs) can be configured to detect and block suspicious command injection patterns targeting the vulnerable endpoint. Monitoring and logging of application inputs and system command executions should be enhanced to detect potential exploitation attempts. Organizations should also conduct regular vulnerability assessments and penetration tests focusing on injection flaws. Limiting the privileges of the mcp-maigret service account can reduce the impact of a successful exploit. Finally, ensure that incident response plans include procedures for command injection scenarios to enable rapid containment and remediation.