CVE-2026-3484 is a command injection vulnerability found in the PhialsBasement nmap-mcp-server, a component that handles Nmap CLI commands. The vulnerability resides in the child_process.exec function within src/index.ts, which executes system commands. Due to insufficient input validation or sanitization, an attacker can manipulate inputs to inject arbitrary commands that the server executes with the privileges of the running process. The attack vector is remote network access, requiring no authentication or user interaction, and has low attack complexity. The product follows a rolling release system, meaning version numbers are replaced by commit hashes, complicating identification of affected versions; the vulnerability affects versions up to commit bee6d23547d57ae02460022f7c78ac0893092e38. A patch is available in commit 30a6b9e1c7fa6146f51e28d6ab83a2568d9a3488. The CVSS 4.0 base score is 5.3 (medium severity), reflecting the moderate impact and ease of exploitation. The vulnerability can lead to unauthorized command execution, potentially compromising system confidentiality, integrity, and availability. No known exploits have been reported in the wild yet, but the risk remains significant given the nature of the flaw.

The impact of CVE-2026-3484 is substantial for organizations using the PhialsBasement nmap-mcp-server, particularly those relying on it for network scanning and management. Successful exploitation allows remote attackers to execute arbitrary commands, potentially leading to full system compromise, data theft, service disruption, or lateral movement within networks. Confidentiality can be breached by unauthorized data access or exfiltration; integrity can be compromised by altering system files or configurations; availability can be affected by executing disruptive commands or malware. Since the vulnerability requires no authentication or user interaction, it can be exploited by any remote attacker with network access to the service. This elevates the risk in environments where the service is exposed to untrusted networks or the internet. The rolling release nature of the product may delay patch deployment, increasing exposure time. Organizations in sectors with high reliance on network scanning tools, such as cybersecurity firms, managed service providers, and enterprises with complex network infrastructures, face higher operational risks.

To mitigate CVE-2026-3484, organizations should immediately apply the patch identified by commit 30a6b9e1c7fa6146f51e28d6ab83a2568d9a3488 to the nmap-mcp-server. Given the rolling release model, continuous monitoring of the project's repository for updates is essential. Restrict network access to the nmap-mcp-server service using firewalls or network segmentation to limit exposure to trusted hosts only. Implement strict input validation and sanitization in any custom integrations or wrappers around the vulnerable component. Employ runtime application self-protection (RASP) or intrusion detection systems (IDS) to monitor for suspicious command execution patterns. Regularly audit logs for unusual command execution or access attempts. Consider running the service with the least privilege necessary to limit the impact of potential exploitation. Finally, maintain an incident response plan to quickly address any suspected compromise stemming from this vulnerability.