CVE-2026-47708

CRITICALPre-NVD 0.0
0.0
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • No confirmed exploitation signals yet
CISA-KEV: Not listedEPSS: 1%CVSS: Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

Summary

The log_file_name parameter in the stata_do API and CLI is directly interpolated into a Stata command string without sanitization. The security guard (GuardValidator) only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands (including shell, python, erase, etc.) by crafting a malicious log_file_name containing quotes, newlines, or Stata command separators.

Details

In src/stata_mcp/stata/stata_do/do.py, both _execute_unix_like and _execute_windows construct a Stata command string using Python f-strings:

commands = f"""
capture log close
{self.generate_log_command(log_file, is_replace)}
...
do "{dofile_path}"
...
"""

The generate_log_command method returns:

log_cmd = f'log using "{log_file.as_posix()}", {replace_clause} {log_type} name({log_type}_log)'

Where log_file is constructed from user-supplied log_name:

def generate_log_file(self, log_name: str, extension='log'):
    return self.log_file_path / f"{log_name}.{extension}"

The log_name parameter comes directly from user input (via MCP tool stata_do or CLI stata-mcp tool do) without any validation. Since the path is embedded inside double quotes in a Stata command string, an attacker can break out of the string context and inject arbitrary commands.

Additionally, generate_log_file does not prevent path traversal via log_name, allowing arbitrary file write outside the intended log directory.

Proof of Concept

When calling stata_do via MCP tool with:

{
  "dofile_path": "test.do",
  "log_file_name": "'; shell echo pwned > /tmp/pwned.txt; '"
}

The generated Stata commands become:

log using "/'; shell echo pwned > /tmp/pwned.txt; '.log", replace text name(text_log)

Stata interprets this as multiple commands, with shell echo pwned > /tmp/pwned.txt; executed as an arbitrary shell command.

Impact

  • Remote Code Execution via shell command injection
  • Arbitrary file write/overwrite via path traversal in log_name
  • Complete bypass of the security guard, as the guard only validates do-file content, not wrapper parameters

Remediation / Fix

  • Apply strict allowlist validation to log_name (only alphanumeric, underscore, dot, hyphen; max 128 chars)
  • Resolve and verify the constructed log path remains within the intended log directory
  • Consider generating safe internal filenames (e.g., UUIDs) instead of accepting user-defined log names for command construction
  • Apply similar sanitization to dofile_path before embedding it into Stata command strings

References

  • Issue: #74
  • Fix commit: https://github.com/SepineTam/stata-mcp/commit/e6f945941ae0c7cf5e74a428e0b3dc82b396382f

CVSS v3
EG Score
0.0(none)
EPSS
70.8%
KEV
Not listed

Published

June 4, 2026

Last Modified

June 4, 2026

Vendor Advisories for CVE-2026-47708(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Affected Packages

(1 across 1 ecosystem)
PyPI(1)
PackageVulnerable rangeFixed inDependents
stata-mcp0.1.0 ... 1.9.1 (91 versions)1.17.3

Data Freshness Timeline

(refreshed 0× in last 7d / 4× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-06-14 23:18 UTCEPSS rescore
  2. 2026-06-13 23:00 UTCEPSS rescore
  3. 2026-06-13 17:50 UTCEG score recompute
  4. 2026-06-12 23:12 UTCEPSS rescore
  5. 2026-06-04 21:10 UTCEG score recompute

Frequently asked(4)

What is CVE-2026-47708?
CVE-2026-47708 is a critical vulnerability published on June 4, 2026. MCP-for-Stata: Command injection via logfilename parameter in Stata command wrapper Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard (GuardValidator) only scans the do-file content but does not…
When was CVE-2026-47708 disclosed?
CVE-2026-47708 was first published in the National Vulnerability Database on June 4, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-47708 actively exploited?
CVE-2026-47708 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 70.8% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
How do I remediate CVE-2026-47708?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-47708, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-47708

Explore →

Is Your Infrastructure Affected by CVE-2026-47708?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.