Skip to main content

Mcp Docs Rag EUVD-2026-16941

| CVE-2026-5007 LOW
OS Command Injection (CWE-78)
2026-03-28 VulDB GHSA-56ph-gvwc-wqxr
Command Injection Mcp Docs Rag
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
4.8 (MEDIUM) 1.9 (LOW)
PoC Detected
Mar 30, 2026 - 13:26 vuln.today
Public exploit code
EUVD ID Assigned
Mar 28, 2026 - 19:00 euvd
EUVD-2026-16941
Analysis Generated
Mar 28, 2026 - 19:00 vuln.today
CVE Published
Mar 28, 2026 - 18:30 nvd
MEDIUM 4.8

DescriptionCVE.org

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

OS command injection in kazuph mcp-docs-rag through version 0.5.0 allows local attackers with limited privileges to execute arbitrary commands via the cloneRepository function in src/index.ts. The vulnerability affects the add_git_repository and add_text_file components, with publicly available exploit code demonstrating the attack. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment The CVSS 3.1 score of 5.3 reflects local attack vector (AV:L), low complexity (AC:L), and requirement for low privileges (PR:L), indicating an authenticated local attacker can exploit this without complex prerequisites. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with limited shell access to a system running mcp-docs-rag could craft a malicious repository URL or file path containing shell metacharacters (such as backticks, semicolons, or pipe operators) and pass it through the add_git_repository or add_text_file endpoints. When the cloneRepository function processes this input, the embedded commands would execute with the privileges of the mcp-docs-rag process. …
Remediation No vendor-released patch is currently available. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 30 days: Identify affected systems running kazuph mcp-docs-rag and apply vendor patches as part of regular patch cycle. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-16941 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy