A vulnerability has been found in Nor2-io heim-mcp up to 0.1.3 and classified as critical. The affected function is registerTools in the file src/tools.ts, part of the component new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud. The manipulation leads to OS command injection.
This vulnerability is tracked as CVE-2026-5602. The attack requires local access. In addition, an exploit is available.
It is suggested to install a patch to address this issue.
The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.