CVE-2026-5007
Published: 28 March 2026
Summary
CVE-2026-5007 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 4.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 44.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Supply Chain and Deployment risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-16941
Vulnerability details
A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to os command injection. The attack needs to be performed locally. The exploit is…
more
publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local OS command injection (CWE-78) directly enables arbitrary command execution via the affected cloneRepository function.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.