PhialsBasement nmap-mcp-server Command Injection Vulnerability

Vulnerability

A command injection vulnerability exists in PhialsBasement nmap-mcp-server versions through bee6d23547d57ae02460022f7c78ac0893092e38. The issue arises in the Nmap CLI Command Handler, specifically within the child_process.exec function in src/index.ts. This vulnerability allows remote attackers to execute arbitrary commands by injecting shell metacharacters into the additionalFlags parameter, which is not properly validated before being passed to the command execution function.

Impact

Exploitation of this vulnerability could lead to arbitrary command execution on the server where the MCP Nmap server is running.

Reproduction

To reproduce this vulnerability, call the 'run_nmap_scan' function with shell metacharacters in the 'additionalFlags' parameter. Because the value is not validated, the injected characters can be used to execute arbitrary commands on the server.

Remediation

Users are advised to update to the latest version of nmap-mcp-server, where this vulnerability has been fixed by replacing the exec() function with execFile() and implementing a validation allowlist for the additionalFlags parameter.
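
The following is an added example of the remediation pattern described above, not the project's own code: additionalFlags is tokenized, each token is checked against an allowlist, and the result is an argument array suitable for execFile() rather than a shell string. The function name buildNmapArgs, the allowlist contents and the target pattern are assumptions chosen for illustration.

```typescript
// Added example: the allowlist below is an assumption, not the project's list.
interface ArgResult { ok: boolean; argv: string[]; reason: string }

// Flags accepted with no value (hypothetical allowlist).
const BARE_FLAGS: string[] = ["-sV", "-sT", "-Pn", "-F", "-n", "-T3", "-T4"];
// Flags accepted with exactly one value, each with a strict value pattern.
const VALUE_FLAGS: Array<[string, RegExp]> = [
  ["-p", /^[0-9,-]{1,64}$/],
  ["--top-ports", /^[0-9]{1,5}$/],
  ["--max-retries", /^[0-9]{1,2}$/],
];
// Hostname, IP address or CIDR; a leading "-" is refused so the target
// can never be parsed by nmap as an option.
const TARGET = /^[A-Za-z0-9][A-Za-z0-9.:\/-]{0,253}$/;

function valuePattern(flag: string): RegExp | undefined {
  for (const [name, re] of VALUE_FLAGS) {
    if (name === flag) return re;
  }
  return undefined;
}

// Builds the argv for execFile("nmap", argv, { timeout: 60000 }, callback).
// execFile removes shell parsing; the allowlist is still needed because
// otherwise any nmap option at all would be accepted.
function buildNmapArgs(target: string, additionalFlags: string): ArgResult {
  if (!TARGET.test(target)) return { ok: false, argv: [], reason: "invalid target" };
  const queue = additionalFlags.split(/\s+/).filter((t) => t.length > 0);
  const argv: string[] = [];
  while (queue.length > 0) {
    const tok = queue.shift();
    if (tok === undefined) break;
    if (BARE_FLAGS.indexOf(tok) !== -1) {
      argv.push(tok);
      continue;
    }
    const re = valuePattern(tok);
    const value = queue.shift();
    if (re !== undefined && value !== undefined && re.test(value)) {
      argv.push(tok, value);
      continue;
    }
    // Anything else is rejected outright, not stripped or escaped.
    return { ok: false, argv: [], reason: "flag not allowed: " + JSON.stringify(tok) };
  }
  argv.push(target);
  return { ok: true, argv: argv, reason: "" };
}
```

Rejecting the whole request on the first unknown token keeps the check fail-closed; a rejected request never reaches the process-spawning call.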

Added: Mar 3, 2026, 8:20 PM
Updated: Mar 3, 2026, 10:05 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 3.4
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.