Description
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.
Published: 2026-04-29
Score: 10 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

DocsGPT, a GPT‑powered chat for documentation, contains a flaw that allows an unauthenticated attacker to exploit the MCP STDIO configuration. By crafting a malicious payload that bypasses the intended "MCP test" verification, an attacker can inject and execute arbitrary shell commands. This leads to full remote code execution on the host running DocsGPT, compromising confidentiality, integrity, and availability. The weakness is a command injection flaw identified as CWE‑77.

Affected Systems

The affected component is arc53’s DocsGPT. Versions from 0.15.0 up to, but not including, 0.16.0 are vulnerable. Any local or public deployment of these releases, including the official website, is susceptible. Upgrading to version 0.16.0 or newer removes the flaw.

Risk and Exploitability

The CVSS base score of 10.0 marks this as a critical vulnerability. No EPSS data is provided, so the probability of exploitation cannot be quantified, but the absence of authentication and the nature of the command injection imply a high likelihood of successful attacks. It is not listed in the CISA KEV catalog, yet the remote code execution capability warrants immediate attention. Exploitation requires only network access to the DocsGPT interface and no administrative privileges.

Generated by OpenCVE AI on April 29, 2026 at 21:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade DocsGPT to version 0.16.0 or later, which removes the vulnerability.
  • Restrict external network access to the DocsGPT service, for example by firewall rules or VPN, to prevent unauthenticated users from reaching the vulnerable endpoint.
  • Run the DocsGPT process under a non‑privileged user account to limit the impact of any successful exploitation.

Generated by OpenCVE AI on April 29, 2026 at 21:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Arc53
Arc53 docsgpt
Vendors & Products Arc53
Arc53 docsgpt

Wed, 29 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.
Title Unauthenticated RCE in DocsGPT MCP STDIO Configuration
Weaknesses CWE-77
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Arc53 Docsgpt
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-29T17:37:25.524Z

Reserved: 2026-02-09T21:36:29.554Z

Link: CVE-2026-26015

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-29T18:16:03.817

Modified: 2026-04-29T18:16:03.817

Link: CVE-2026-26015

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T21:15:16Z

Weaknesses