Unauthenticated Command Execution via HTTP MCP execute_module Summary The HTTP MCP endpoint (POST /mcp) in flyto-core accepts unauthenticated JSON-RPC tools/call requests and dispatches them to arbitrary registered modu…
| CVE ID | CVE-2026-55786 |
| Vendor | pip |
| Affected Product | flyto-core |
| Vulnerability Type | Vulnerability |
| CVSS Score | 8.4 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
#
execute_modulePOST /mcp) in flyto-core accepts unauthenticated JSON-RPC tools/call requests and dispatches them to arbitrary registered modules, including sandbox.execute_shell, which passes attacker-controlled input directly to asyncio.create_subprocess_shell. An unauthenticated attacker can execute arbitrary OS commands as the flyto-core server process. By default the server binds to 127.0.0.1, making this a High-severity local vulnerability (CVSS 8.4); if started with --host 0.0.0.0, it becomes remotely exploitable over the network. Dynamic reproduction confirmed command execution as root inside a Docker container without any Authorization header.Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.