PatchSiren cyber security CVE debrief
CVE-2026-10279 hiraishikentaro CVE debrief
A command injection vulnerability exists in hiraishikentaro wezterm-mcp version 0.1.0, specifically within the `src/wezterm_executor.ts` file in the `switch_pane`/`write_to_specific_pane` component. The `request.params.arguments.pane_id` parameter is insufficiently sanitized, allowing an attacker to inject operating system commands. The attack vector is network-based and requires low privileges with no user interaction. The vulnerability was disclosed to the project via a GitHub issue report prior to publication, but the vendor had not responded at the time of CVE publication. A public exploit is available, increasing the likelihood of active use. The CVSS 4.0 base score is 2.1 (LOW severity), reflecting limited impacts on confidentiality, integrity, and availability. The weakness is classified under CWE-77 (Command Injection) and CWE-78 (OS Command Injection).
- Vendor
- hiraishikentaro
- Product
- wezterm-mcp
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-01
- Original CVE updated
- 2026-06-02
- Advisory published
- 2026-06-01
- Advisory updated
- 2026-06-02
Who should care
Organizations running wezterm-mcp 0.1.0 in production or development environments, particularly those exposing the service to network access. Security teams monitoring for command injection vulnerabilities in Model Context Protocol (MCP) implementations. Developers integrating wezterm-mcp or similar MCP servers into AI-assisted workflows.
Technical summary
The vulnerability resides in `src/wezterm_executor.ts` of hiraishikentaro/wezterm-mcp 0.1.0. The `request.params.arguments.pane_id` parameter in the `switch_pane`/`write_to_specific_pane` component is passed to a command execution context without adequate sanitization, enabling OS command injection. An attacker with low privileges can send a crafted request over the network to execute arbitrary commands on the host system. The exploit is publicly available. The project maintainer was notified via GitHub issue #7 but had not responded as of the CVE publication date (2026-06-01).
Defensive priority
medium
Recommended defensive actions
- Review and restrict network access to wezterm-mcp instances where possible, as the attack vector is remote.
- Validate and sanitize the `pane_id` parameter in `src/wezterm_executor.ts` before passing to any command execution function; use allowlists or parameterized approaches rather than string concatenation.
- Monitor for unexpected process execution or shell activity originating from wezterm-mcp processes.
- Apply updates from the hiraishikentaro/wezterm-mcp project when available; track GitHub issue #7 for vendor response.
- Consider disabling or isolating the `switch_pane`/`write_to_specific_pane` functionality if not required until a patch is released.
Evidence notes
The vulnerability description and technical details are sourced from the NVD record and Vuldb references. The CVSS 4.0 vector string indicates network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), and no user interaction (UI:N), with low impacts on confidentiality, integrity, and availability (VC:L/VI:L/VA:L). The exploit existence (E:P) is noted in the CVSS vector. The vendor was notified through GitHub issue #7 prior to CVE publication, with no response received.
Official resources
2026-06-01