Skip to main content

Mcp Docs Rag

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-5007 LOW POC Monitor

OS command injection in kazuph mcp-docs-rag through version 0.5.0 allows local attackers with limited privileges to execute arbitrary commands via the cloneRepository function in src/index.ts. The vulnerability affects the add_git_repository and add_text_file components, with publicly available exploit code demonstrating the attack. No vendor patch has been released despite early notification through a GitHub issue.

Command Injection Mcp Docs Rag
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.2%
CVE-2026-5007
EPSS 0% CVSS 1.9
LOW POC Monitor

OS command injection in kazuph mcp-docs-rag through version 0.5.0 allows local attackers with limited privileges to execute arbitrary commands via the cloneRepository function in src/index.ts. The vulnerability affects the add_git_repository and add_text_file components, with publicly available exploit code demonstrating the attack. No vendor patch has been released despite early notification through a GitHub issue.

Command Injection Mcp Docs Rag
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy