CVE-2026-7064: High Severity OS Command Injection in AgentDeskAI browser-tools-mcp Up to v1.2.0 — No Patch Available
⚠️ Action Required: If you have AgentDeskAI’s browser-tools-mcp installed in any AI agent stack, remove or disable it immediately. There is no patch. There will be no patch. The exploit is public. A high-severity OS command injection vulnerability has been disclosed in the AgentDeskAI browser-tools-mcp package, affecting all versions through v1.2.0 — which is also the final release the project ever shipped. CVE: CVE-2026-7064 CVSS v3.1 Score: 7.3 (High) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CWE: CWE-77/78 (OS Command Injection) Patch available: No. Project is unmaintained. Exploit disclosed: Yes. Publicly available. ...