HexStrike AI MCP Server Command Injection Vulnerability
Vulnerability
A command injection vulnerability has been identified in the HexStrike AI MCP server, specifically in the EnhancedCommandExecutor class. The issue arises when a command-line argument starting with a semicolon is sent to an API endpoint. The injected command is executed with the same privileges as the MCP server, typically root. The vulnerability exists because the server's default configuration does not sanitize these arguments.
Impact
Exploitation of this vulnerability allows for command injection, with executed commands running in the context of the MCP server's privileges, usually as root.
Reproduction
To reproduce this vulnerability, send a POST request to the '/api/tools/nmap' endpoint with a JSON payload. The 'additional_args' field must include a semicolon followed by the command to be executed, such as 'echo `whoami`' or 'cat /etc/passwd'. The response will include the output of the injected command, demonstrating successful exploitation.
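One way to close this class of bug, shown as an added example that is not HexStrike's own code: parse 'additional_args' into tokens, accept only allowlisted nmap options, and hand the result to the process as an argument list with no shell involved. It assumes the vulnerable executor concatenates the field into a single shell string; the function names, the allowlist and the target pattern are hypothetical.

```python
import re
import shlex

# Constructed allowlist for illustration: flag -> pattern for its value,
# or None when the flag takes no value.
ALLOWED_FLAGS = {
    "-sV": None,
    "-Pn": None,
    "-p": re.compile(r"[0-9,\-]+"),
    "--top-ports": re.compile(r"[0-9]+"),
}
# Hostname, IPv4/IPv6 address or CIDR; must not start with '-'.
TARGET_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.\-:/]*")


def vulnerable_command(target, additional_args):
    """Assumed unsafe pattern: one string later run through a shell."""
    return f"nmap {additional_args} {target}"


def build_nmap_argv(target, additional_args=""):
    """Return an argv list for subprocess.run(argv, shell=False)."""
    if not TARGET_RE.fullmatch(target):
        raise ValueError(f"rejected target: {target!r}")
    argv = ["nmap"]
    # shlex.split raises ValueError on unbalanced quotes.
    tokens = iter(shlex.split(additional_args))
    for tok in tokens:
        if tok not in ALLOWED_FLAGS:
            # ';', backticks, '&&' and unknown flags all end up here.
            raise ValueError(f"rejected argument: {tok!r}")
        argv.append(tok)
        value_re = ALLOWED_FLAGS[tok]
        if value_re is not None:
            value = next(tokens, None)
            if value is None or not value_re.fullmatch(value):
                raise ValueError(f"bad value for {tok}: {value!r}")
            argv.append(value)
    argv.append(target)
    return argv


if __name__ == "__main__":
    print(build_nmap_argv("192.0.2.10", "-sV -p 22,80"))
    try:
        build_nmap_argv("192.0.2.10", "; cat /etc/passwd")
    except ValueError as exc:
        print("blocked:", exc)
```

Running the server process as an unprivileged user limits what any remaining injection path can reach.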
