# [CRIT] [GHSA / CRITICAL] CVE-2026-47708: MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

**Source:** GitHub Security Advisories
**Published:** 2026-06-04
**Article:** https://github.com/advisories/GHSA-4p62-hqp5-g644

## Threat Profile

MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

### Summary
The `log_file_name` parameter in the `stata_do` API and CLI is directly interpolated into a Stata command string without sanitization. The security guard (`GuardValidator`) only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands (including `shell`, `python`, `erase`, etc.) by crafting a malicious `log_file_name` containing quotes, newline…
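To make the defect concrete, here is an added illustration (example code, not the MCP-for-Stata project's own code) of a hypothetical wrapper that builds a Stata `log using` line from the parameter. The unsafe builder shows the pattern the advisory describes: the name is dropped straight into Stata syntax, so a quote or newline ends the string or the command early. The hardened form validates the name against an allowlist before it ever reaches the command string and joins it onto a fixed server-owned directory; the allowlist pattern and the `/var/lib/stata-mcp/logs` directory are assumptions for the example.

```python
import re
from pathlib import PurePosixPath

# Allowlist (an assumption for this example, not the project's rule): a bare file
# name of letters, digits, '_', '-' and '.', ending in .log or .smcl (Stata's two
# log formats), at most 128 characters, with no directory components.
_SAFE_LOG_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,122}\.(log|smcl)$")


def build_log_command_unsafe(log_file_name: str) -> str:
    """The vulnerable pattern: the parameter is interpolated unchecked.

    A quote closes the file-name string and a newline ends the command, so the
    rest of the parameter is parsed by Stata as further commands.
    """
    return f'log using "{log_file_name}", replace\n'


def validate_log_file_name(log_file_name: str) -> str:
    """Reject anything that is not a plain log file name; return it unchanged if safe."""
    if not isinstance(log_file_name, str) or not log_file_name:
        raise ValueError("log_file_name must be a non-empty string")
    if any(ch in log_file_name for ch in "\r\n\x00\"'`"):
        raise ValueError("log_file_name contains a quote, backtick, newline or NUL")
    if "/" in log_file_name or "\\" in log_file_name or ".." in log_file_name:
        raise ValueError("log_file_name must not contain path separators or '..'")
    if not _SAFE_LOG_NAME.fullmatch(log_file_name):
        raise ValueError("log_file_name must match " + _SAFE_LOG_NAME.pattern)
    return log_file_name


def is_safe_log_file_name(log_file_name: str) -> bool:
    """Boolean form of the validator, handy for a guard that only needs yes/no."""
    try:
        validate_log_file_name(log_file_name)
        return True
    except ValueError:
        return False


def build_log_command_safe(log_file_name: str,
                           log_dir: str = "/var/lib/stata-mcp/logs") -> str:
    """Hardened form: validate first, then join onto a directory the server controls."""
    name = validate_log_file_name(log_file_name)
    # name has no separators and no '..', so the joined path cannot leave log_dir
    path = PurePosixPath(log_dir) / name
    return f'log using "{path}", replace\n'


if __name__ == "__main__":
    print(build_log_command_safe("analysis_2026.log"), end="")
    for candidate in ["analysis_2026.log", 'bad"name.log', "bad\nname.log", "../up.log"]:
        print(repr(candidate), "->", "accepted" if is_safe_log_file_name(candidate) else "rejected")
```

The point of the hardened form is that the guard checks every value that reaches the command string, not only the do-file body: a parameter that is interpolated into Stata syntax is part of the program text and must be validated as such.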

## Indicators of Compromise (high-fidelity only)

- **CVE:** `CVE-2026-47708`

## MITRE ATT&CK Techniques

- **T1190** — Exploit Public-Facing Application
- **T1204.002** — User Execution: Malicious File
- **T1059** — Command and Scripting Interpreter
- **T1059.003** — Windows Command Shell
- **T1059.004** — Unix Shell
- **T1083** — File and Directory Discovery

## Kill chain phases observed

_(none detected from narrative keywords)_

## Recommended hunts

### Stata binary spawning OS shell (CVE-2026-47708 stata-mcp log_file_name injection)

`UC_122_2` · phase: **exploit** · confidence: **High** · AI-generated for this article

**Splunk SPL (CIM):**
```spl
| tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime from datamodel=Endpoint.Processes where (Processes.parent_process_name IN ("stata.exe","stata-mp.exe","stata-se.exe","stata-be.exe","xstata.exe","xstata-mp.exe","xstata-se.exe","stata","stata-mp","stata-se","stata-be")) AND (Processes.process_name IN ("cmd.exe","powershell.exe","pwsh.exe","bash.exe","sh.exe","zsh","bash","sh","python.exe","python","python3")) by Processes.dest Processes.user Processes.parent_process Processes.process_name Processes.process Processes.process_id Processes.process_hash | `drop_dm_object_name(Processes)` | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)`
```

**Defender KQL:**
```kql
DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName in~ ("stata.exe","stata-mp.exe","stata-se.exe","stata-be.exe","xstata.exe","xstata-mp.exe","xstata-se.exe","stata","stata-mp","stata-se","stata-be")
| where FileName in~ ("cmd.exe","powershell.exe","pwsh.exe","bash.exe","sh.exe","zsh.exe","bash","sh","zsh","python.exe","python","python3")
| where AccountName !endswith "$"
| project Timestamp, DeviceName, AccountName, InitiatingProcessFileName, InitiatingProcessFolderPath, InitiatingProcessCommandLine, FileName, ProcessCommandLine, SHA256, InitiatingProcessParentFileName
| order by Timestamp desc
```

### Stata-authored log file written with shell metacharacters or path traversal in filename (CVE-2026-47708)

`UC_122_3` · phase: **exploit** · confidence: **High** · AI-generated for this article

**Splunk SPL (CIM):**
```spl
| tstats `summariesonly` count min(_time) as firstTime max(_time) as lastTime from datamodel=Endpoint.Filesystem where (Filesystem.process_name IN ("stata.exe","stata-mp.exe","stata-se.exe","stata-be.exe","xstata.exe","xstata-mp.exe","xstata-se.exe","stata","stata-mp","stata-se","stata-be","python.exe","python","python3")) AND (Filesystem.file_name="*.log") by Filesystem.dest Filesystem.user Filesystem.process_name Filesystem.file_path Filesystem.file_name | `drop_dm_object_name(Filesystem)` | where match(file_name,"[;|&`'\"]|\\.\\.") | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)`
```

**Defender KQL:**
```kql
DeviceFileEvents
| where Timestamp > ago(7d)
| where ActionType in ("FileCreated","FileModified")
| where InitiatingProcessFileName in~ ("stata.exe","stata-mp.exe","stata-se.exe","stata-be.exe","xstata.exe","xstata-mp.exe","xstata-se.exe","stata","stata-mp","stata-se","stata-be","python.exe","python","python3")
| where FileName endswith ".log"
| where FileName matches regex @"[;|&`'""]|\.\."
     or InitiatingProcessCommandLine has_any ("stata_mcp","stata-mcp","log_file_name")
| project Timestamp, DeviceName, InitiatingProcessAccountName, InitiatingProcessFileName, InitiatingProcessFolderPath, InitiatingProcessCommandLine, FileName, FolderPath
| order by Timestamp desc
```
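The two hunts above (`UC_122_2` and `UC_122_3`) expressed as plain detection logic, as an added example that is not part of the original briefing: it runs both rules over a few constructed JSON-lines telemetry records (not real data) so the match conditions, including the machine-account exclusion from the KQL, can be checked offline before the SPL or KQL is deployed. Field names such as `parent_process_name` and `file_name` are assumptions chosen to mirror the CIM fields used in the queries.

```python
import json
import re
from typing import Dict, List

# Process names taken from the hunts above, lower-cased for comparison.
STATA_BINARIES = {
    "stata.exe", "stata-mp.exe", "stata-se.exe", "stata-be.exe",
    "xstata.exe", "xstata-mp.exe", "xstata-se.exe",
    "stata", "stata-mp", "stata-se", "stata-be",
}
SHELLS_AND_INTERPRETERS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "bash.exe", "sh.exe", "zsh.exe",
    "bash", "sh", "zsh", "python.exe", "python", "python3",
}
LOG_WRITERS = STATA_BINARIES | {"python.exe", "python", "python3"}
# Same pattern as the file-name hunt: shell metacharacters, quotes, or '..' in the name.
SUSPICIOUS_NAME = re.compile(r"[;|&`'\"]|\.\.")

# Constructed sample telemetry, one JSON object per line (assumed field names, not real data).
SAMPLE_EVENTS = r"""
{"type": "process", "host": "ws01", "user": "alice", "parent_process_name": "stata-mp", "process_name": "bash", "cmdline": "bash -c id"}
{"type": "process", "host": "ws01", "user": "alice", "parent_process_name": "python3", "process_name": "bash", "cmdline": "bash build.sh"}
{"type": "process", "host": "ws02", "user": "WS02$", "parent_process_name": "stata.exe", "process_name": "cmd.exe", "cmdline": "cmd.exe /c ver"}
{"type": "file", "host": "ws01", "user": "alice", "process_name": "stata-mp", "action": "created", "file_name": "analysis_2026.log"}
{"type": "file", "host": "ws01", "user": "alice", "process_name": "python3", "action": "created", "file_name": "run'1.log"}
{"type": "file", "host": "ws03", "user": "bob", "process_name": "stata-se", "action": "modified", "file_name": "..\\shared.log"}
"""


def parse_events(text: str) -> List[Dict]:
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def stata_spawns_shell(ev: Dict) -> bool:
    """UC_122_2: a Stata binary is the parent of an OS shell or interpreter."""
    return (
        ev.get("type") == "process"
        and ev.get("parent_process_name", "").lower() in STATA_BINARIES
        and ev.get("process_name", "").lower() in SHELLS_AND_INTERPRETERS
        and not ev.get("user", "").endswith("$")  # skip machine accounts, as the KQL does
    )


def suspicious_log_name(ev: Dict) -> bool:
    """UC_122_3: Stata or Python writes a .log whose name carries metacharacters or '..'."""
    name = ev.get("file_name", "")
    return (
        ev.get("type") == "file"
        and ev.get("action") in {"created", "modified"}
        and ev.get("process_name", "").lower() in LOG_WRITERS
        and name.lower().endswith(".log")
        and SUSPICIOUS_NAME.search(name) is not None
    )


RULES = {"UC_122_2": stata_spawns_shell, "UC_122_3": suspicious_log_name}


def hunt(text: str) -> List[Dict]:
    """Run every rule over the telemetry; return one hit per (rule, event) pair."""
    hits = []
    for ev in parse_events(text):
        for rule_id, rule in RULES.items():
            if rule(ev):
                hits.append({"rule": rule_id, "host": ev["host"], "user": ev["user"], "event": ev})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        ev = hit["event"]
        print(hit["rule"], hit["host"], hit["user"], ev.get("process_name"),
              ev.get("file_name", ev.get("cmdline")))
```

Of the six constructed records, three fire: the Stata-parented `bash` on ws01, the `.log` with a quote in its name on ws01, and the `..`-prefixed `.log` on ws03. The `cmd.exe` spawned under a machine account and the `bash` whose parent is `python3` rather than Stata are deliberately left unmatched, which is the behaviour to confirm when tuning the production queries.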

### Article-specific behavioural hunt — [GHSA / CRITICAL] CVE-2026-47708: MCP-for-Stata: Command injection via log_file_

`UC_122_1` · phase: **install** · confidence: **High**

**Splunk SPL (CIM):**
```spl
``` Article-specific bespoke detection — [GHSA / CRITICAL] CVE-2026-47708: MCP-for-Stata: Command injection via log_file_ ```
| tstats `summariesonly` count
    from datamodel=Endpoint.Filesystem
    where Filesystem.action IN ("created","modified")
      AND (Filesystem.file_path="*/tmp/pwned.txt*")
    by Filesystem.dest, Filesystem.user, Filesystem.process_name,
       Filesystem.file_path, Filesystem.file_name
| `drop_dm_object_name(Filesystem)`
```

**Defender KQL:**
```kql
// Article-specific bespoke detection — [GHSA / CRITICAL] CVE-2026-47708: MCP-for-Stata: Command injection via log_file_
// Hunts the actual binaries / paths / commandline fragments named
// in the article instead of a generic technique-class template.

// File-creation events for the named binaries / paths
DeviceFileEvents
| where Timestamp > ago(30d)
| where ActionType in ("FileCreated","FileModified")
| where (FolderPath has_any ("/tmp/pwned.txt"))
| project Timestamp, DeviceName, AccountName, FolderPath,
          FileName, ActionType, InitiatingProcessFileName,
          InitiatingProcessCommandLine
| order by Timestamp desc
```

### IOC-driven hunts (use shared templates)

These are standard IOC-substitution hunts — the canonical SPL and KQL live once in [`_TEMPLATES.md`](../_TEMPLATES.md), so we don't repeat the same boilerplate on every CVE / hash / network-IOC briefing.

- **Asset exposure — vulnerability matches article CVE(s)** ([template](../_TEMPLATES.md#asset-exposure)) — phase: **recon**, confidence: **High**
  - CVE(s): `CVE-2026-47708`


## Why this matters

Severity classified as **CRIT** based on: CVE present, 4 use case(s) fired, 6 technique(s) inferred. Read the full article for actor attribution, tooling details, and any defanged IOCs in the body that aren't visible in the RSS summary.
