Vulnerabilities ›

CVE-2026-6494

Medium

CWE-117 — Weakness Type

                    Published: Apr 17, 2026                      ·  Modified: Apr 20, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter is not properly sanitized before being written to logs, allowing the attacker to inject control characters such as newlines and ANSI escape sequences. This enables the attacker to obscure legitimate log entries and insert forged ones, which could facilitate social engineering attacks, potentially leading to an operator executing dangerous commands or visiting malicious URLs.

🤖 AI Executive Summary

A log injection vulnerability in AAP MCP server allows unauthenticated attackers to inject control characters and ANSI escape sequences through the toolsetroute parameter, enabling log manipulation and social engineering attacks. Attackers can obscure legitimate entries and forge malicious ones to trick operators into executing dangerous commands or visiting malicious URLs.

📄 Description (Arabic)

تم اكتشاف ثغرة حقن سجلات في خادم AAP MCP حيث لا يتم تعقيم معامل toolsetroute بشكل صحيح قبل كتابته في السجلات. يمكن للمهاجمين غير المصرحين إدراج أحرف التحكم وتسلسلات ANSI لتزييف إدخالات السجل وتسهيل هجمات الهندسة الاجتماعية. قد يؤدي هذا إلى خداع المشغلين لتنفيذ أوامر خطيرة أو زيارة عناوين URL ضارة.

🤖 ملخص تنفيذي (AI)

An unauthenticated remote attacker can exploit a log injection flaw in AAP MCP server by sending crafted input to the toolsetroute parameter, which lacks proper sanitization before logging. This enables injection of control characters and forged log entries to facilitate social engineering and potential command execution.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 03:22

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government telecom energy banking

🎯 MITRE ATT&CK Techniques

T1190 T1566 T1598 T1056

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Update AAP MCP server to the latest patched version immediately. Implement input validation and sanitization for the toolsetroute parameter to remove or escape control characters and ANSI sequences before logging. Deploy Web Application Firewall (WAF) rules to detect and block log injection attempts. Enable log integrity monitoring and implement centralized logging with tamper detection. Restrict access to AAP MCP server to trusted networks only.

🔧 خطوات المعالجة (العربية)

قم بتحديث خادم AAP MCP إلى أحدث إصدار معدل فوراً. طبق التحقق من صحة المدخلات وتعقيم معامل toolsetroute لإزالة أو تجاوز الأحرف الخاصة وتسلسلات ANSI قبل التسجيل. نشر قواعد جدار الحماية لتطبيقات الويب لكشف ومنع محاولات حقن السجلات. فعّل مراقبة سلامة السجلات وطبق التسجيل المركزي مع كشف التلاعب. قيد الوصول إلى خادم AAP MCP على الشبكات الموثوقة فقط.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1 A.12.4.1 A.14.2.1

🔵 SAMA CSF

ID.BE-1 PR.AC-1 PR.AC-3 DE.CM-1

🟡 ISO 27001:2022

A.6.1.1 A.12.4.1 A.14.2.1 A.16.1.5

🔗 References & Sources 2

🔗

https://access.redhat.com/security/cve/CVE-2026-6494

secalert@redhat.com

🔗

https://bugzilla.redhat.com/show_bug.cgi?id=2459131

secalert@redhat.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-117

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-04-17

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-117

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-6494

Introduce Yourself

Sign In Required