CVE-2026-5125 | raine consult-llm-mcp up to 2.5.3 src/server.ts child_process.execSync git_diff.base_ref/git_diff.files os command injection

Inserito da Angelo Barbosa | Mar 30, 2026 | CVE

A vulnerability described as critical has been identified in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of the argument git_diff.base_ref/git_diff.files results in os command injection.

This vulnerability is identified as CVE-2026-5125. The attack is only possible with local access. Additionally, an exploit exists.

Upgrading the affected component is recommended.

CVE-2026-5125 | raine consult-llm-mcp up to 2.5.3 src/server.ts child_process.execSync git_diff.base_ref/git_diff.files os command injection

Post correlati

CVE-2025-5567 | WP Shortcodes Plugin Plugin up to 7.4.0 on WordPress data-url cross site scripting

CVE-2023-49716 | Emerson Rosemount GC370XA 4.1.5 command injection (icsa-24-030-01)

CVE-2024-12838 | Changing Information Technology CGFIDO up to 1.0.x Passwordless Login authentication bypass by assumed-immutable data

CVE-2025-24008 | Siemens SIRIUS Safety Relays 3SK2 cleartext transmission (ssa-222768)