CVE-2026-22785

Orval Overload: From OpenAPI Spec to Remote Code Execution

Amit Schendel
Senior Security Researcher

Jan 14, 2026

Executive Summary (TL;DR)

If you use `orval` to generate MCP servers from an OpenAPI spec you do not control, a malicious spec can get arbitrary code into the generated server, and that code runs wherever the generated server is executed: a developer machine or a CI/CD pipeline. The `@orval/mcp` generator fails to escape the `summary` and `operationName` fields, so a crafted value can close the string literal it is interpolated into and inject arbitrary JavaScript into the generated source file. Fixed in version 7.18.0.

A critical code injection vulnerability in the `orval` TypeScript client generator allows attackers to achieve Remote Code Execution (RCE) via malicious OpenAPI specifications. The flaw resides in the Model Context Protocol (MCP) generator, where operation metadata taken from the spec is interpolated into the generated code without escaping. The attacker needs nothing more than to get the victim to run the generator on their spec, which is a routine step for anyone consuming a third-party API.
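The following is an added example, not orval's code and not the advisory's proof of concept. It is a toy generator that turns one OpenAPI operation into an MCP tool registration, first in the vulnerable form the advisory describes (spec fields dropped straight into a JavaScript string literal) and then in a hardened form. The OpenAPI field names `operationId` and `summary` are real; the generated `{ name, description }` shape, the `pwned` marker and the sample operations are assumptions made for illustration. The example goes slightly beyond the advisory by also showing a non-malicious spec value that breaks the vulnerable generator's output, and a check for fields that are emitted as identifiers rather than strings.

```javascript
// Added example (not orval's code): a toy generator that turns one OpenAPI
// operation into an MCP tool registration, in the vulnerable form the advisory
// describes (spec fields dropped straight into a JS string literal) and in a
// hardened form. The `{ name, description }` shape is an assumption.

// Constructed malicious operation (not the advisory's PoC). The `summary`
// closes the single-quoted literal, adds a `handler` property whose
// initializer runs immediately, then re-opens a literal so the output parses.
const maliciousOperation = {
  operationId: "getUsers",
  summary: "List users', handler: (() => { globalThis.pwned = true; return 1; })(), x: '",
};

// A second constructed value with quotes, a backslash and a newline: not an
// attack, but enough to show that the vulnerable renderer produces invalid
// JavaScript while the hardened one preserves the text as data.
const awkwardOperation = {
  operationId: "getItem",
  summary: 'Get "one" item\\ by id\n(second line)',
};

// VULNERABLE: interpolation into a single-quoted JS literal. Any `'` in the
// spec terminates the literal and whatever follows is parsed as code.
function renderToolVulnerable(op) {
  return `({ name: '${op.operationId}', description: '${op.summary}' })`;
}

// HARDENED: JSON.stringify emits a double-quoted literal with `"`, `\` and
// control characters escaped, so spec content stays data whatever it
// contains. (A valid JSON string literal is a valid JS string literal.)
function renderToolSafe(op) {
  return `({ name: ${JSON.stringify(op.operationId)}, description: ${JSON.stringify(op.summary)} })`;
}

// Where a spec field becomes an identifier (for example a generated function
// name) rather than a string, escaping cannot help: reject anything that is
// not a plain identifier before emitting it.
const IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]*$/;
function isSafeIdentifier(name) {
  return typeof name === "string" && IDENTIFIER.test(name);
}

// Stand-in for "the generated file gets executed": evaluate the generated
// expression and report whether the injected side effect fired. `new
// Function` is used only to simulate running the generated source.
function runGenerated(source) {
  delete globalThis.pwned;
  const value = new Function(`return ${source};`)();
  return { value, sideEffect: globalThis.pwned === true };
}

// Stand-alone demo.
const vulnerable = runGenerated(renderToolVulnerable(maliciousOperation));
const hardened = runGenerated(renderToolSafe(maliciousOperation));
console.log("vulnerable renderer: injected code ran =", vulnerable.sideEffect);
console.log("hardened renderer:   injected code ran =", hardened.sideEffect);
console.log("hardened description kept as data:", hardened.value.description === maliciousOperation.summary);
```

The practical check for a generator is the one `renderToolSafe` makes explicit: every spec-derived value that lands inside a string literal goes through `JSON.stringify` (or the template engine's equivalent), and every value that lands outside a literal is validated against the grammar of the position it fills, because no amount of escaping makes an identifier position safe.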


CVSS Score: 9.3 / 10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Probability: 0.05% (top 85% most exploited)

Affected Systems

orval
@orval/mcp
Node.js environments running generated MCP servers

Affected Versions Detail

Product       Vendor       Affected Versions   Fixed Version
orval         orval-labs   < 7.18.0            7.18.0
@orval/mcp    orval-labs   < 7.18.0            7.18.0
Attribute        Detail
CWE ID           CWE-77
Attack Vector    Network (via malicious spec)
CVSS             9.3 (Critical)
EPSS Score       0.00047 (Low)
Impact           Remote Code Execution (RCE)
Exploit Status   PoC available

CWE-77: Command Injection
Improper Neutralization of Special Elements used in a Command ('Command Injection')

Vulnerability Timeline

2026-01-10  Fix commit pushed to GitHub
2026-01-12  CVE-2026-22785 published
2026-01-12  Orval v7.18.0 released
