
Heim Mcp CVE-2026-5602
EUVD-2026-19134 · LOW
OS Command Injection (CWE-78)
2026-04-05 · VulDB · GHSA-wx4p-jr66-jfp9
CVSS 4.0 (NVD): 1.9

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD) breakdown

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X (not defined)

Lifecycle Timeline (7 events)

  • Apr 29, 2026 01:11 · NVD · Severity changed: MEDIUM → LOW
  • Apr 29, 2026 01:11 · NVD · CVSS changed: 4.8 (MEDIUM) → 1.9 (LOW)
  • Apr 07, 2026 13:20 · vuln.today · PoC detected: public exploit code
  • Apr 05, 2026 22:30 · euvd · EUVD ID assigned: EUVD-2026-19134
  • Apr 05, 2026 22:30 · vuln.today · Analysis generated
  • Apr 05, 2026 22:30 · nvd · Patch released: patch available
  • Apr 05, 2026 22:15 · nvd · CVE published: MEDIUM 4.8

Description (CVE.org)

A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud. This manipulation causes os command injection. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: c321d8af25f77668781e6ccb43a1336f9185df37. It is suggested to install a patch to address this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Analysis (AI-generated)

OS command injection in Nor2-io heim-mcp up to version 0.1.3 allows authenticated local attackers to execute arbitrary system commands via the registerTools function in src/tools.ts, affecting cloud deployment operations. Publicly available exploit code exists, and the vendor released a patched version promptly after disclosure.


Vulnerability Assessment (AI-generated)

Risk Assessment: While the CVSS score of 5.3 (Medium) reflects a low-privilege requirement (PR:L) and a local-only attack vector (AV:L), real-world risk is moderated by environmental constraints. …
Exploit Scenario: A local user with authenticated access to a system running heim-mcp could craft malicious input within the registerTools function configuration to inject arbitrary OS commands. For example, an attacker with local account privileges could inject shell metacharacters (e.g., semicolons, pipes, command substitution) into tool registration parameters, causing the deployment process to execute unintended system commands with the privileges of the heim-mcp process. …
Remediation: A vendor-released patch is available: upgrade heim-mcp to the version containing commit c321d8af25f77668781e6ccb43a1336f9185df37 or later. …
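The exploit scenario and remediation above describe the general CWE-78 pattern: a deployment parameter is interpolated into a command line that a shell parses, so metacharacters in the parameter become additional commands. The following TypeScript is an added illustration of that pattern and its fix, not code from heim-mcp or its patch; the `heim deploy` command, the function names and the allowlist regex are assumptions chosen for the example. The unsafe builder is kept only for contrast and is never executed; the safe path validates the parameter and hands an argv array to `execFile` so no shell is involved.

```typescript
// Added illustration of the CWE-78 pattern behind this CVE class: a deploy
// helper that builds a shell string from a tool parameter (unsafe) beside one
// that passes arguments as an argv array with no shell (safe). The "heim"
// command and all names here are assumptions for this example, not heim-mcp's.
import { execFile } from "node:child_process";
import { promisify } from "node:util";

const execFileAsync = promisify(execFile);

// Conservative allowlist for an application name: letters, digits, dot,
// underscore, hyphen; must not start with "-" so it cannot be read as a flag.
const APP_NAME = /^[A-Za-z0-9_.][A-Za-z0-9_.-]{0,63}$/;

export function isSafeAppName(name: string): boolean {
  return APP_NAME.test(name);
}

// UNSAFE (for contrast only, never executed here): interpolating into a single
// string that a shell will parse means a ";" or "|" in `name` ends the intended
// command and starts another one.
export function buildDeployShellCommand(name: string): string {
  return `heim deploy --app ${name} --target cloud`;
}

// SAFE: validate first, then return an argv array for execFile. Without a
// shell, every character of `name` reaches the program as one literal argument.
export function buildDeployArgv(name: string): { file: string; args: string[] } {
  if (!isSafeAppName(name)) {
    throw new Error(`rejected application name: ${JSON.stringify(name)}`);
  }
  return { file: "heim", args: ["deploy", "--app", name, "--target", "cloud"] };
}

// Execute the safe form. Kept separate so the pure builders above can be
// checked without spawning anything.
export async function deployApplication(name: string): Promise<string> {
  const { file, args } = buildDeployArgv(name);
  const { stdout } = await execFileAsync(file, args, { shell: false });
  return stdout;
}

// Constructed sample inputs: an ordinary name and one carrying a metacharacter.
export function demo(): void {
  for (const candidate of ["billing-api", "app; echo injected"]) {
    const verdict = isSafeAppName(candidate) ? "accepted" : "rejected";
    console.log(`${JSON.stringify(candidate)} -> ${verdict}`);
  }
}
```

Both defenses matter on their own: the allowlist stops a hostile value early and produces a clear audit trail, while the argv form (with `shell: false`) guarantees that even a value which slips past validation is passed as data rather than parsed as command syntax.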



CVE-2026-5602 vulnerability details – vuln.today
