CVE-2026-2130 is a command injection vulnerability identified in the mcp-maigret software developed by BurtTheCoder, affecting all versions from 1.0.0 through 1.0.12. The vulnerability resides in the search_username component, specifically within the src/index.ts file. It occurs due to insufficient sanitization or validation of the Username argument, allowing an attacker to inject arbitrary commands that the system executes. The attack vector is remote network access without requiring user interaction, but it requires low-level privileges on the system. The vulnerability impacts confidentiality, integrity, and availability by enabling attackers to execute arbitrary commands, potentially leading to data leakage, system compromise, or denial of service. The CVSS v4.0 base score is 5.3, reflecting medium severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:L), and no user interaction (UI:N). The vulnerability scope is limited to the affected component without privilege escalation or scope change. No known exploits have been reported in the wild as of the publication date. The vendor has released version 1.0.13 containing a patch identified by commit b1ae073c4b3e789ab8de36dc6ca8111ae9399e7a, which addresses the input validation flaw. Users of mcp-maigret should upgrade promptly to mitigate the risk.

The vulnerability allows remote attackers to execute arbitrary commands on systems running vulnerable versions of mcp-maigret, potentially leading to full system compromise. This can result in unauthorized access to sensitive data, disruption of services, and the ability to pivot within internal networks. The medium severity score indicates a moderate risk, but the ease of remote exploitation without user interaction increases the threat level. Organizations relying on mcp-maigret for username searching or related functions may face operational disruptions and data breaches if exploited. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as proof-of-concept exploits may emerge. The impact is particularly significant for environments where mcp-maigret is exposed to untrusted networks or integrated into critical workflows.

1. Immediately upgrade all instances of mcp-maigret to version 1.0.13 or later, which contains the official patch for this vulnerability. 2. Implement strict input validation and sanitization for all user-supplied data, especially the Username argument, to prevent command injection. 3. Employ application-layer firewalls or intrusion detection systems to monitor and block suspicious command injection attempts targeting the search_username component. 4. Restrict network access to mcp-maigret services to trusted internal networks or VPNs to reduce exposure to remote attackers. 5. Conduct regular code reviews and security testing focusing on injection flaws in all components handling user input. 6. Monitor logs for unusual command execution patterns or errors related to the search_username functionality. 7. Apply the principle of least privilege to the mcp-maigret service accounts to limit potential damage from exploitation. 8. Educate developers and administrators about secure coding practices and the importance of timely patching.