CVE-2026-22785 Overview
orval is a popular tool that generates type-safe JavaScript/TypeScript clients from OpenAPI v3 or Swagger v2 specifications. A critical command injection vulnerability exists in versions prior to 7.18.0 where the MCP (Model Context Protocol) server generation logic fails to properly validate or escape the summary field from OpenAPI specifications. This allows attackers to craft malicious OpenAPI specifications that break out of string literals and inject arbitrary code during client generation.
Critical Impact
Attackers can achieve arbitrary code execution by supplying a malicious OpenAPI specification with a specially crafted summary field, potentially compromising development environments and CI/CD pipelines that use orval for code generation.
Affected Products
- orval versions prior to 7.18.0
- Applications using orval MCP server generation with untrusted OpenAPI specifications
- CI/CD pipelines processing external OpenAPI specifications through orval
Discovery Timeline
- 2026-01-12 - CVE-2026-22785 published to NVD
- 2026-01-13 - Last updated in NVD database
Technical Details for CVE-2026-22785
Vulnerability Analysis
This vulnerability is classified as CWE-77 (Command Injection). The orval tool's MCP server generation functionality processes OpenAPI specification files and uses the summary field content in string manipulation operations without adequate input validation or output encoding.
When orval generates code from an OpenAPI specification, it directly incorporates the summary field value into the generated output. Because the string manipulation lacks proper escaping, an attacker can craft a summary field containing string-terminating characters followed by malicious code. This effectively allows the attacker to "break out" of the intended string context and inject arbitrary JavaScript/TypeScript code that will be included in the generated output.
The attack is particularly dangerous in automated environments where OpenAPI specifications may be fetched from external sources or when developers process specifications from untrusted parties.
Root Cause
The root cause is improper input validation in the MCP server generation logic. The code directly concatenates the summary field from OpenAPI specifications into generated code templates without sanitizing or escaping special characters that could alter the syntactic structure of the output. This represents a classic injection vulnerability where user-controlled input is mixed with code without proper separation.
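The following added example (not orval's own code) illustrates the root cause in isolation: a generator that concatenates the summary into a string literal versus one that emits the summary through JSON.stringify, which yields a valid JavaScript/TypeScript string literal with quotes, backslashes and control characters escaped. The `description:` template shape, the helper names and the sample summaries are assumptions made for illustration; the hostile sample is deliberately inert (it only closes the literal and adds a property) so the check can show the structural difference.

```javascript
// Added example, not orval's code. The `description: "..."` template shape
// is an assumption used to show the class of bug the advisory describes.

// Vulnerable pattern: raw concatenation lets a quote in the summary end the
// literal early, so the rest of the summary becomes source code.
function renderDescriptionUnsafe(summary) {
  return `description: "${summary}",`;
}

// Hardened pattern: JSON.stringify produces a valid JS/TS string literal in
// which quotes, backslashes, newlines and control characters are escaped, so
// the summary can never change the token structure of the generated file.
function renderDescriptionSafe(summary) {
  return `description: ${JSON.stringify(String(summary))},`;
}

// Verification helper: confirm the rendered line is exactly
// `description: <one string literal>,` and nothing else. A tiny scanner
// that walks the literal honouring backslash escapes, not a full parser.
function isSingleStringLiteralLine(line) {
  const prefix = 'description: ';
  if (!line.startsWith(prefix + '"')) return false;
  let i = prefix.length + 1; // first character inside the literal
  while (i < line.length) {
    const ch = line[i];
    if (ch === '\\') { i += 2; continue; } // skip the escaped character
    if (ch === '"') break;                   // closing quote found
    i += 1;
  }
  // Only the closing quote and a trailing comma may follow the content.
  return line.slice(i) === '",';
}

// Constructed samples: a benign summary and one containing a quote followed
// by code-like text, the pattern listed under indicators of compromise.
const BENIGN_SUMMARY = 'List users';
const HOSTILE_SUMMARY = 'List users", hidden: true, x: "';

function demo() {
  const safeLine = renderDescriptionSafe(HOSTILE_SUMMARY);
  return {
    unsafeBenign: isSingleStringLiteralLine(renderDescriptionUnsafe(BENIGN_SUMMARY)),
    unsafeHostile: isSingleStringLiteralLine(renderDescriptionUnsafe(HOSTILE_SUMMARY)),
    safeHostile: isSingleStringLiteralLine(safeLine),
    // Round trip: the escaped literal still decodes to the original text,
    // so no documentation content is lost by escaping.
    roundTrip: JSON.parse(safeLine.slice('description: '.length, -1)) === HOSTILE_SUMMARY,
  };
}
```

Running demo() shows the unsafe renderer passing on benign input and failing on the hostile one (the literal closes early and extra tokens follow), while the safe renderer keeps a single literal and preserves the text exactly. The same principle applies to whatever literal form a generator uses: if it emits template literals or single-quoted strings, the escaping must match that form rather than reuse JSON.stringify verbatim.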
Attack Vector
The attack is network-exploitable and requires no authentication or user interaction. An attacker creates a malicious OpenAPI v3 or Swagger v2 specification file containing a specially crafted summary field. When a developer or automated system processes this specification using a vulnerable version of orval with MCP server generation, the injected code is included in the generated output.
The injected code executes in the context of wherever the generated code runs, potentially allowing attackers to:
- Execute arbitrary commands on developer workstations
- Compromise CI/CD build environments
- Establish persistence through generated application code
- Exfiltrate sensitive data from build environments
For detailed technical analysis, see the GitHub Security Advisory.
Detection Methods for CVE-2026-22785
Indicators of Compromise
- Unexpected code patterns in orval-generated TypeScript/JavaScript files
- OpenAPI specification files with unusual characters in summary fields (e.g., backticks, quotes, semicolons followed by code-like structures)
- Anomalous process execution originating from generated client code
- Build logs showing unexpected command execution during orval code generation
Detection Strategies
- Audit all OpenAPI specifications for suspicious content in the summary field before processing with orval
- Implement static code analysis on generated output to detect injected code patterns
- Monitor build environments for unexpected network connections or process spawning during code generation
- Review orval-generated files for any code that does not match expected patterns
Monitoring Recommendations
- Enable verbose logging during orval code generation to capture specification details
- Implement file integrity monitoring on generated code directories to detect unexpected modifications
- Set up alerts for unusual process activity during CI/CD pipeline execution
- Regularly audit OpenAPI specification sources and their integrity
How to Mitigate CVE-2026-22785
Immediate Actions Required
- Upgrade orval to version 7.18.0 or later immediately
- Audit all OpenAPI specifications currently used in projects for malicious content
- Review recently generated code for any signs of injection
- Restrict orval processing to trusted OpenAPI specification sources only
- Implement input validation for OpenAPI specifications before processing
Patch Information
The vulnerability is fixed in orval version 7.18.0. The fix implements proper validation and escaping of the summary field during MCP server generation. The patch can be reviewed in the GitHub commit.
To update orval:
# Using npm
npm install orval@7.18.0
# Using yarn
yarn upgrade orval@7.18.0
# Using pnpm
pnpm update orval@7.18.0
Workarounds
- Only process OpenAPI specifications from trusted, verified sources until upgrade is possible
- Implement a pre-processing step to sanitize summary fields in OpenAPI specifications
- Manually review all orval-generated code before execution or deployment
- Isolate orval code generation in sandboxed environments with limited permissions
- Consider temporarily disabling MCP server generation if not required
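As an added example serving both the detection guidance (auditing summary fields for quotes, backticks, semicolons and similar characters before processing) and the workaround of a pre-processing sanitisation step, the following code is not orval's own and assumes a parsed OpenAPI v3 or Swagger v2 document in which summaries live at `paths.<path>.summary` and `paths.<path>.<method>.summary`. The character set flagged, the helper names and the sample specification are assumptions made for illustration.

```javascript
// Added example, not orval's code: audit and sanitise `summary` fields in a
// parsed OpenAPI document before handing it to a code generator.
const HTTP_METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch', 'trace'];

// Characters that can end or alter a JS/TS string literal or template.
// Conservative by design: a summary is documentation and should not need them.
// Note that a plain apostrophe is flagged too, which may be noisy for some APIs.
const SUSPICIOUS = /["'`\\;\r\n]|\$\{/;

// Walk every path item and operation, recording summaries that match.
function auditSummaries(spec) {
  const findings = [];
  const paths = (spec && spec.paths) || {};
  const check = (location, value) => {
    if (typeof value === 'string' && SUSPICIOUS.test(value)) {
      findings.push({ location, value });
    }
  };
  for (const [route, item] of Object.entries(paths)) {
    if (!item || typeof item !== 'object') continue;
    check(`paths.${route}.summary`, item.summary);
    for (const m of HTTP_METHODS) {
      if (item[m] && typeof item[m] === 'object') {
        check(`paths.${route}.${m}.summary`, item[m].summary);
      }
    }
  }
  return findings;
}

// Replace the flagged characters with spaces and collapse whitespace, so the
// text stays readable while losing any ability to change token structure.
function sanitizeSummary(text) {
  return text
    .replace(/\$\{/g, ' ')
    .replace(/["'`\\;\r\n]/g, ' ')
    .replace(/\s+/g, ' ')
    .trim();
}

// Return a sanitised deep copy; the input document is never mutated.
function sanitizeSpec(spec) {
  const copy = JSON.parse(JSON.stringify(spec));
  for (const item of Object.values(copy.paths || {})) {
    if (!item || typeof item !== 'object') continue;
    if (typeof item.summary === 'string') item.summary = sanitizeSummary(item.summary);
    for (const m of HTTP_METHODS) {
      if (item[m] && typeof item[m] === 'object' && typeof item[m].summary === 'string') {
        item[m].summary = sanitizeSummary(item[m].summary);
      }
    }
  }
  return copy;
}

// Constructed sample document (not a real API): one clean summary and one
// containing a quote and semicolon followed by code-like text.
const SAMPLE_SPEC = {
  openapi: '3.0.0',
  info: { title: 'Constructed sample', version: '1.0.0' },
  paths: {
    '/users': {
      get: { summary: 'List users', responses: { 200: { description: 'ok' } } },
      post: { summary: 'Create user"; console.log("unexpected")', responses: { 201: { description: 'created' } } },
    },
  },
};

function runAudit() {
  const before = auditSummaries(SAMPLE_SPEC);
  const cleaned = sanitizeSpec(SAMPLE_SPEC);
  return {
    before,
    after: auditSummaries(cleaned),
    cleanedPost: cleaned.paths['/users'].post.summary,
  };
}
```

In a pipeline, run auditSummaries first and fail the build (or route the document for review) on any finding; only fall back to sanitizeSpec when a specification from a source you do not control must be processed before the upgrade is possible. Sanitising is a stop-gap, not a substitute for the fixed version, because it only covers the summary field that this advisory names.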
# Example shell checks
# Verify the orval version before use
npx orval --version
# If the version is below 7.18.0, upgrade immediately
npm install orval@latest
# Lint OpenAPI specs before processing (example using spectral; this checks
# structure and style against a ruleset, it does not inspect summary content)
npx @stoplight/spectral-cli lint ./api-spec.yaml
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


