Which versions of Codebase Mcp are affected by CVE-2026-5023?

Organizations using DeDeveloper23 codebase-mcp should be aware of moderate risk from CVE-2026-5023, a OS command injection vulnerability rated CVSS 4.8.

Is there a public PoC exploit available for CVE-2026-5023?

Yes, a public proof-of-concept exploit is available for CVE-2026-5023. Prioritise patching immediately. EPSS: 0.3%.

Codebase Mcp CVE-2026-5023

Q: What is the CVSS score of CVE-2026-5023?

CVE-2026-5023 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.3%.

EUVD-2026-16966 LOW

OS Command Injection (CWE-78)

2026-03-29 VulDB

GHSA-cm69-52gj-g4j6

Command Injection Codebase Mcp

1.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.9 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

4.8 (MEDIUM) 1.9 (LOW)

PoC Detected

Mar 30, 2026 - 13:26 vuln.today

Public exploit code

EUVD ID Assigned

Mar 29, 2026 - 02:15 euvd

EUVD-2026-16966

Analysis Generated

Mar 29, 2026 - 02:15 vuln.today

CVE Published

Mar 29, 2026 - 02:00 nvd

MEDIUM 4.8

DescriptionCVE.org

A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os command injection. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

OS command injection in DeDeveloper23 codebase-mcp allows local authenticated attackers to execute arbitrary system commands through the getCodebase, getRemoteCodebase, and saveCodebase functions in src/tools/codebase.ts. The vulnerability affects all versions up to commit 3ec749d237dd8eabbeef48657cf917275792fde6, with publicly available exploit code disclosed via GitHub issue #7. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) indicates a local attack with low complexity and low privilege requirement; the attacker must already have local system access and be an authenticated user of the codebase-mcp tool. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A developer with local access to a shared CI/CD runner or development server logs in and runs a codebase-mcp command (e.g., getRemoteCodebase or saveCodebase) with a specially crafted repository URL or path parameter containing shell metacharacters (e.g., '; rm -rf / #' or '$(malicious_command)'). The unsanitized input is passed directly to an OS command execution function, allowing the attacker to execute arbitrary commands with the privileges of the user running codebase-mcp (typically the CI/CD service account or developer account). …
Remediation	No vendor-released patch identified at time of analysis due to the project's rolling-release model and lack of vendor response to the early disclosure. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems running DeDeveloper23 codebase-mcp and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5023 vulnerability details – vuln.today

Back