CVE-2026-5621 | ChrisChinchilla Vale-MCP up to 0.1.0 HTTP Interface src/index.ts config_path os command injection

A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation of the argument config_path results in os command injection.

This vulnerability is known as CVE-2026-5621. Attacking locally is a requirement. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5621 | ChrisChinchilla Vale-MCP up to 0.1.0 HTTP Interface src/index.ts config_path os command injection

Post correlati

CVE-2024-3732 | GeoDirectory Plugin up to 2.3.48 on WordPress Shortcode gd_single_tabs cross site scripting

CVE-2024-6348 | Nissan Altima 2022 Blind Spot Protection Sensor ECU random values

CVE-2024-28920 | Microsoft unknown vulnerability

CVE-2026-34054 | Microsoft vcpkg up to 3.6.1#2 OpenSSL uncontrolled search path (GHSA-p322-v6vw-vrq9)