CVE-2026-5007 - Vulnerability Details

- kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection

Description

A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-03-28

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability occurs in the cloneRepository function within src/index.ts of the add_git_repository/add_text_file component of the mcp-docs-rag project. An attacker can supply specially crafted input that is passed unsanitized to an operating‑system command, allowing them to execute arbitrary commands. Because the flaw resides in a local function, the attack requires local access to the system running the application, but the exploit code is publicly available and has already been demonstrated. Successful exploitation would give the attacker full read/write access to the file system and the ability to run any command as the user under which the application is running.

Affected Systems

The issue affects all releases of kazuph mcp-docs-rag up to and including version 0.5.0. The product is distributed under the name mcp-docs-rag by vendor kazuph. No specific patch versions were listed, so any deployment of the vulnerable code base prior to an unnoted fix must be considered affected.

Risk and Exploitability

The CVSS score of 4.8 indicates a moderate severity, and the EPSS score is unavailable. The vulnerability is not listed in CISA's KEV catalog. Since the attack vector is local, an adversary must already have some form of access to the host, but once present the exploitation is straightforward thanks to the publicly available payload. Therefore, organizations should consider mitigation early, especially if the system is exposed to untrusted local users.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

kazuph

mcp-docs-rag

affected

Version	Status	Constraints
`0.1`	affected	—
`0.2`	affected	—
`0.3`	affected	—
`0.4`	affected	—
`0.5.0`	affected	—

No data.

Vendor Product Confidence Versions

Kazuph

Mcp-docs-rag

100%

Version	Status	Scheme	Platform
`0.1`	affected	generic	—
`0.2`	affected	generic	—
`0.3`	affected	generic	—
`0.4`	affected	generic	—
`0.5.0`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update mcp-docs-rag to a version newer than 0.5.0 once a fix is released.
If no newer release is available, disable or remove the cloneRepository feature or restrict its use to trusted users only.
Apply input validation or sanitize arguments to cloneRepository before passing them to os.exec.
Keep an eye on the project’s issue tracker and security advisories for any patch releases.

Generated by OpenCVE AI on March 28, 2026 at 20:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00299.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/kazuph/mcp-docs-rag/
https://github.com/kazuph/mcp-docs-rag/issues/7
https://github.com/user-attachments/files/25822451/mcp-docs-rag_bug.pdf
https://vuldb.com/submit/779152
https://vuldb.com/vuln/353892
https://vuldb.com/vuln/353892/cti

History

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 30 Mar 2026 07:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Kazuph Kazuph mcp-docs-rag
Vendors & Products		Kazuph Kazuph mcp-docs-rag

Sat, 28 Mar 2026 19:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Title		kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection
Weaknesses		CWE-77 CWE-78
References		https://github.com/kazuph/mcp-docs-rag/ https://github.com/kazuph/mcp-docs-rag/issues/7 https://github.com/user-attachments/files/25822451/mcp-docs-rag_bug.pdf https://vuldb.com/submit/779152 https://vuldb.com/vuln/353892 https://vuldb.com/vuln/353892/cti
Metrics		cvssV2_0 `{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Kazuph Mcp-docs-rag

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-28T18:30:12.170Z

Updated: 2026-04-01T14:10:05.012Z

Reserved: 2026-03-27T13:54:30.447Z

Link: CVE-2026-5007

Vulnrichment

Updated: 2026-04-01T14:09:58.726Z

NVD

Status : Deferred

Published: 2026-03-28T19:16:56.710

Modified: 2026-04-24T16:36:24.067

Link: CVE-2026-5007

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T06:58:57Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object