Vale Mcp

1 CVEs product

CVE-2026-5621 LOW POC Monitor

Local command injection in ChrisChinchilla Vale-MCP up to version 0.1.0 allows authenticated local attackers to execute arbitrary OS commands by manipulating the config_path argument in the HTTP Interface component (src/index.ts). Exploitation requires local access and valid user privileges. Exploit code was publicly disclosed after the vendor did not respond. This is a moderate-risk issue in environments where the MCP tool is deployed with local user access.

Command Injection Vale Mcp
NVD VulDB GitHub
CVSS 4.0: 1.9
EPSS: 0.3%