CVE-2026-3484

A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function child_process.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may be performed from remote. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The patch is identified as 30a6b9e1c7fa6146f51e28d6ab83a2568d9a3488. It is best practice to apply a patch to resolve this issue.

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/PhialsBasement/nmap-mcp-server/	Product
https://github.com/PhialsBasement/nmap-mcp-server/commit/30a6b9e1c7fa6146f51e28d6ab83a2568d9a3488	Patch
https://github.com/PhialsBasement/nmap-mcp-server/issues/7	Exploit Issue Tracking
https://github.com/PhialsBasement/nmap-mcp-server/issues/7#issuecomment-3814382570	Exploit Issue Tracking
https://vuldb.com/?ctiid.348559	Permissions Required VDB Entry
https://vuldb.com/?id.348559	Third Party Advisory VDB Entry
https://vuldb.com/?submit.763773	Third Party Advisory VDB Entry
https://vuldb.com/?submit.763777	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:phialsbasement:mcp_nmap_server:*:*:*:*:*:*:*:*

History

17 Jun 2026, 10:43

Type	Values Removed	Values Added
Summary		(es) Se detectó una vulnerabilidad en PhialsBasement nmap-mcp-server hasta bee6d23547d57ae02460022f7c78ac0893092e38. Este problema afecta a la función child_process.exec del archivo src/index.ts del componente Nmap CLI Gestor de Comandos. La manipulación da como resultado una inyección de comandos. El ataque puede realizarse de forma remota. Este producto utiliza un sistema de lanzamiento continuo para la entrega continua y, como tal, la información de la versión para las versiones afectadas o actualizadas no se divulga. El parche se identifica como 30a6b9e1c7fa6146f51e28d6ab83a2568d9a3488. Es una buena práctica aplicar un parche para resolver este problema.

05 Mar 2026, 21:32

Type	Values Removed	Values Added
References	~~() https://github.com/PhialsBasement/nmap-mcp-server/ -~~	() https://github.com/PhialsBasement/nmap-mcp-server/ - Product
References	~~() https://github.com/PhialsBasement/nmap-mcp-server/commit/30a6b9e1c7fa6146f51e28d6ab83a2568d9a3488 -~~	() https://github.com/PhialsBasement/nmap-mcp-server/commit/30a6b9e1c7fa6146f51e28d6ab83a2568d9a3488 - Patch
References	~~() https://github.com/PhialsBasement/nmap-mcp-server/issues/7 -~~	() https://github.com/PhialsBasement/nmap-mcp-server/issues/7 - Exploit, Issue Tracking
References	~~() https://github.com/PhialsBasement/nmap-mcp-server/issues/7#issuecomment-3814382570 -~~	() https://github.com/PhialsBasement/nmap-mcp-server/issues/7#issuecomment-3814382570 - Exploit, Issue Tracking
References	~~() https://vuldb.com/?ctiid.348559 -~~	() https://vuldb.com/?ctiid.348559 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.348559 -~~	() https://vuldb.com/?id.348559 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.763773 -~~	() https://vuldb.com/?submit.763773 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.763777 -~~	() https://vuldb.com/?submit.763777 - Third Party Advisory, VDB Entry
First Time		Phialsbasement Phialsbasement mcp Nmap Server
CPE		cpe:2.3:a:phialsbasement:mcp_nmap_server::::::::

03 Mar 2026, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-03 20:16

Updated : 2026-06-17 10:43

NVD link : CVE-2026-3484

Mitre link : CVE-2026-3484

CVE.ORG link : CVE-2026-3484

JSON object : View

Products Affected

phialsbasement

mcp_nmap_server

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

6.3 /10