CVE-2026-5007 in kazuph mcp-docs-raginformación

Resumen (Inglés)

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Divulgación

2026-03-28

Voces

Fecha de publicación	Base	Temp	Vulnerabilidad	CWE	Prod	Exp	Con	EPSS	CTI	CVE
2026-03-27	5.3	4.8	kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository escalada de privilegios	78	Desconocido	Prueba de concepto	No está definido	0.00178	0.55	CVE-2026-5007

Mostrar más

Descripción
Cambios
Inteligencia de amenazas
API/JSON

◂ AnteriorVisión De ConjuntoPróximo ▸

Want to know what is going to be exploited?

We predict KEV entries!