CVE-2026-5007 | kazuph mcp-docs-rag up to 0.5.0 add_git_repository/add_text_file src/index.ts cloneRepository os command injection

Inserito da Angelo Barbosa | Mar 27, 2026 | CVE

A vulnerability classified as critical has been found in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection.

This vulnerability is documented as CVE-2026-5007. The attack needs to be performed locally. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-5007 | kazuph mcp-docs-rag up to 0.5.0 add_git_repository/add_text_file src/index.ts cloneRepository os command injection

Post correlati

CVE-2024-21863 | OpenHarmony up to 3.2.4/4.0.0 denial of service

CVE-2025-49182 | SICK Media Server up to 1.4 authorization

CVE-2024-2293 | Site Reviews Plugin up to 6.11.4 on WordPress Display Name cross site scripting

CVE-2025-69250 | Free5GC up to 1.4.1 UDM Nudm_UECM unusual condition (ID 750)