CVE-2026-2008

6.3 MEDIUM

📋 TL;DR

This CVE describes a code injection vulnerability in the abhiphile fermat-mcp project's eqn_chart function. Attackers can remotely exploit this by manipulating equation arguments to execute arbitrary code. All users of fermat-mcp up to commit 47f11def1cd37e45dd060f30cdce346cbdbd6f0a are affected.

💻 Affected Systems

Products:
  • abhiphile fermat-mcp
Versions: All versions up to commit 47f11def1cd37e45dd060f30cdce346cbdbd6f0a
Operating Systems: All platforms running Python
Default Config Vulnerable: ⚠️ Yes
Notes: This product uses rolling releases, so specific version numbers are not available. All instances using the vulnerable commit are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case

Remote code execution allowing attackers to run arbitrary commands on affected systems, potentially leading to data exfiltration or system disruption.

🟢 If Mitigated

Limited impact if proper input validation and sandboxing are implemented, potentially only causing denial of service.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit is publicly available and can be initiated remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Monitor the GitHub repository for updates and apply any security patches when released.

🔧 Temporary Workarounds

Disable or remove vulnerable component
Platform: all

Disable or remove the eqn_chart functionality if it is not required for your use case.

# Remove or comment out eqn_chart.py usage in your codebase

Input validation and sanitization
Platform: all

Implement strict input validation for equation arguments before passing them to the eqn_chart function; reject anything that is not a plain arithmetic expression rather than trying to strip dangerous characters from it.

# Add input validation logic before calling eqn_chart()

🧯 If You Can't Patch

  • Network segmentation: Isolate systems running fermat-mcp from critical infrastructure
  • Implement strict network access controls and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check whether your fermat-mcp checkout is at commit 47f11def1cd37e45dd060f30cdce346cbdbd6f0a or earlier. A quick look at the recent history: git log --oneline | head -20. A decisive check (exit status 0 means HEAD is that commit or one of its ancestors, i.e. vulnerable; the vulnerable commit must be present in the local history for the comparison to work): git merge-base --is-ancestor HEAD 47f11def1cd37e45dd060f30cdce346cbdbd6f0a && echo "vulnerable"

Check Version:

git log --oneline | head -1

Verify Fix Applied:

Verify the repository has moved beyond the vulnerable commit by counting the commits HEAD has past it (0 means not updated; note that `git log --oneline` prints abbreviated hashes, so grepping its output for the full 40-character hash will not match): git rev-list --count 47f11def1cd37e45dd060f30cdce346cbdbd6f0a..HEAD. Because no fixed commit is identified (Patch Version: Unknown), a non-zero count shows only that newer commits are present, not that eqn_chart has been fixed; review the newer commits for changes to eqn_chart before treating the installation as patched.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from Python scripts
  • Suspicious command execution patterns in application logs
  • Error messages related to eqn_chart function

Network Indicators:

  • Unexpected outbound connections from fermat-mcp processes
  • Suspicious payloads in HTTP requests to the application

SIEM Query:

process.name:python AND process.args:*fermat* AND process.args:*eqn_chart*
