1. Command Injection

MCP Servers accept structured inputs, but if these inputs are not properly validated, attackers can smuggle system commands inside them.

{ "target": "example.com; cat /etc/passwd" }

If the server passes this input directly to a shell command without sanitization, the attacker gains unauthorized access to sensitive system files.

Risk: Even a single unsanitized field can escalate into full system compromise, as attackers chain injection with privilege escalation or lateral movement.

Mitigation:

  • Enforce strict input validation (e.g., regex allowlists).
  • Never execute raw user input in shell commands.
  • Use safe libraries (e.g., subprocess.run([…], shell=False)) instead of string concatenation.
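As an added example (not code from the original page), a Python tool handler for the {"target": ...} input above, shown in the naive shell-string form beside a hardened form that applies a hostname allowlist and passes an argv list to subprocess.run with shell=False; the use of ping and the exact argument shape are assumptions.

```python
# Added example: an MCP-style tool handler that receives {"target": ...}.
# The tool name (ping) and argument layout are assumptions for illustration.
import re
import subprocess

# Allowlist for a DNS hostname: labels of letters, digits and hyphens joined by
# dots, no label starting or ending with '-'. Spaces, ';', '|', '$', quotes and
# other shell metacharacters simply do not match and are rejected.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def vulnerable_command(args: dict) -> str:
    """What a naive handler would hand to shell=True: the untrusted field is
    concatenated straight into the command line. Returned as a string and
    never executed here, only to show how the payload lands in the command."""
    return f"ping -c 1 {args['target']}"


def validate_target(target) -> str:
    """Allowlist validation: return the hostname or raise ValueError."""
    if not isinstance(target, str) or len(target) > 253 or not HOSTNAME_RE.fullmatch(target):
        raise ValueError("target is not a valid hostname")
    return target


def safe_argv(args: dict) -> list:
    """Hardened form: validate first, then build an argv list for shell=False.
    The target is a single argv element, so even if validation were looser a
    ';' inside it could never be interpreted as a command separator."""
    target = validate_target(args.get("target", ""))
    return ["ping", "-c", "1", target]


def run_ping(args: dict) -> subprocess.CompletedProcess:
    """Execute the hardened command without a shell."""
    return subprocess.run(safe_argv(args), shell=False,
                          capture_output=True, text=True, timeout=10)


if __name__ == "__main__":
    payload = {"target": "example.com; cat /etc/passwd"}  # constructed sample input
    print("shell string a vulnerable handler would run:", vulnerable_command(payload))
    try:
        safe_argv(payload)
    except ValueError as err:
        print("hardened handler rejected it:", err)
    print("argv for a benign target:", safe_argv({"target": "example.com"}))
```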
