CVE-2026-5619 | Braffolk mcp-summarization-functions up to 0.1.5 summarize_command src/server/mcp-server.ts os command injection

Inserito da Angelo Barbosa | Apr 5, 2026 | CVE

A vulnerability was found in Braffolk mcp-summarization-functions up to 0.1.5 and classified as critical. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipulation of the argument command can lead to os command injection.

This vulnerability appears as CVE-2026-5619. The attack requires local access. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5619 | Braffolk mcp-summarization-functions up to 0.1.5 summarize_command src/server/mcp-server.ts os command injection

Post correlati

CVE-2021-34970 | Foxit PDF Reader 11.0.1.49938 print format string (ZDI-21-1201)

CVE-2026-21914 | Juniper Junos OS up to 25.2R1-S1 on SRX GPRS Tunnelling Protocol locking (JSA106015)

CVE-2025-53604 | pimeys web-push Crate up to 0.10.2 on Rust length parameter (RUSTSEC-2025-0015 / EUVD-2025-20100)

CVE-2023-52535 | Unisoc SC7731E/SC9832E/SC9863A/T310/T610/T618 vsp Driver denial of service