📄 Description (English)
A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm_executor.ts of the component switch_pane/write_to_specific_pane. The manipulation of the argument request.params.arguments.pane_id leads to os command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
🤖 AI Executive Summary
CVE-2026-10279 is a remote OS command injection vulnerability in wezterm-mcp 0.1.0 affecting the switch_pane/write_to_specific_pane function. An attacker can manipulate the pane_id parameter to execute arbitrary OS commands remotely. With a CVSS score of 6.3 (medium) and publicly available exploit code, this poses a moderate risk to organizations using this terminal multiplexer component, particularly in development and DevOps environments.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Jun 1, 2026 22:40
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi technology companies, government IT departments, and financial institutions that utilize wezterm-mcp in development environments or terminal infrastructure. High-risk sectors include: (1) Banking/SAMA-regulated institutions using this for secure terminal access; (2) Government/NCA entities with development infrastructure; (3) Telecommunications (STC, Mobily) with DevOps pipelines; (4) Energy sector (ARAMCO) development teams; (5) Healthcare organizations with terminal-based systems. The remote nature of the exploit makes it particularly concerning for organizations with internet-facing development infrastructure.
🏢 Affected Saudi Sectors
Technology/Software Development
Banking and Financial Services
Government and Public Administration
Telecommunications
Energy (Oil & Gas)
Healthcare
Education
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all systems running wezterm-mcp 0.1.0 across your organization
2. Restrict network access to affected systems using firewall rules - limit to trusted internal networks only
3. Disable the switch_pane/write_to_specific_pane functionality if not critical
4. Monitor for suspicious pane_id parameter values in logs
PATCHING GUIDANCE:
1. Contact wezterm-mcp maintainers for patch availability status
2. Prepare to upgrade immediately when patch is released
3. Test patches in isolated development environment first
4. Plan rollout to production systems with minimal downtime
COMPENSATING CONTROLS (until patch available):
1. Implement input validation/sanitization for pane_id parameters at application level
2. Use Web Application Firewall (WAF) rules to block suspicious pane_id values containing shell metacharacters (|, ;, &, $, `, etc.)
3. Run wezterm-mcp with minimal privileges (non-root user)
4. Implement network segmentation - isolate development systems from production
5. Enable comprehensive logging and alerting on command execution
DETECTION RULES:
1. Monitor for pane_id parameters containing: pipe (|), semicolon (;), ampersand (&), backticks (`), dollar signs ($), parentheses
2. Alert on unexpected child processes spawned from wezterm-mcp process
3. Monitor system logs for command execution from wezterm-mcp service account
4. Track failed and successful authentication attempts to affected systems
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع الأنظمة التي تقوم بتشغيل wezterm-mcp 0.1.0 عبر مؤسستك
2. تقييد الوصول إلى الشبكة للأنظمة المتأثرة باستخدام قواعد جدار الحماية - حصر الوصول على الشبكات الداخلية الموثوقة فقط
3. تعطيل وظيفة switch_pane/write_to_specific_pane إذا لم تكن حرجة
4. مراقبة قيم معامل pane_id المريبة في السجلات
إرشادات التصحيح:
1. الاتصال بمسؤولي wezterm-mcp للتحقق من توفر التصحيح
2. التحضير للترقية فوراً عند إصدار التصحيح
3. اختبار التصحيحات في بيئة التطوير المعزولة أولاً
4. التخطيط لنشر الأنظمة الإنتاجية بأقل وقت توقف
الضوابط البديلة (حتى توفر التصحيح):
1. تنفيذ التحقق من صحة المدخلات/تنظيفها لمعاملات pane_id على مستوى التطبيق
2. استخدام قواعد جدار تطبيقات الويب (WAF) لحظر قيم pane_id المريبة التي تحتوي على أحرف shell (|، ;، &، $، `، إلخ)
3. تشغيل wezterm-mcp بامتيازات محدودة (مستخدم غير جذر)
4. تنفيذ تقسيم الشبكة - عزل أنظمة التطوير عن الإنتاج
5. تفعيل السجلات الشاملة والتنبيهات على تنفيذ الأوامر
قواعد الكشف:
1. مراقبة معاملات pane_id التي تحتوي على: أنبوب (|)، فاصلة منقوطة (;)، علامة العطف (&)، علامات خلفية (`)، علامات دولار ($)، أقواس
2. التنبيه على العمليات الفرعية غير المتوقعة التي تم إنشاؤها من عملية wezterm-mcp
3. مراقبة سجلات النظام لتنفيذ الأوامر من حساب خدمة wezterm-mcp
4. تتبع محاولات المصادقة الفاشلة والناجحة للأنظمة المتأثرة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.5.2.1 - User access management
A.5.2.3 - Management of privileged access rights
A.5.3.1 - Password management
A.8.1.1 - Audit logging
A.8.2.1 - Monitoring and logging of access and changes
A.8.3.1 - Protection against malware
A.12.2.1 - Change management procedures
🔵 SAMA CSF
Governance - Policy and Risk Management
Governance - Compliance and Audit
Protection - Access Control
Protection - Data Protection
Detection - Monitoring and Logging
Response - Incident Management
🟡 ISO 27001:2022
A.5.1.1 - Policies for information security
A.5.2.1 - User access management
A.5.2.3 - Management of privileged access rights
A.5.3.1 - Password management
A.8.1.1 - Audit logging
A.8.2.1 - Monitoring and logging
A.8.2.3 - Administrator and operator logs
A.8.3.1 - Protection against malware
A.12.2.1 - Change management
🔗 References & Sources 6
🔗
🔗
🔗
🔗
🔗
🔗
https://github.com/hiraishikentaro/wezterm-mcp/
cna@vuldb.com
https://github.com/hiraishikentaro/wezterm-mcp/issues/7
cna@vuldb.com
https://vuldb.com/cve/CVE-2026-10279
cna@vuldb.com
https://vuldb.com/submit/825419
cna@vuldb.com
https://vuldb.com/vuln/367572
cna@vuldb.com
https://vuldb.com/vuln/367572/cti
cna@vuldb.com