CVE-2026-5741
Published: 07 April 2026
Summary
CVE-2026-5741 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 6.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A weakness has been identified in suvarchal docker-mcp-server up to version 0.1.0 within the stop_container, remove_container, and pull_image functions of the HTTP interface component in src/index.ts. The flaw permits OS command injection and is tracked under CWE-77 and CWE-78, with a CVSS 4.0 score of 6.9 reflecting network-accessible attack conditions without authentication or user interaction.
Remote, unauthenticated attackers can supply crafted input to the affected HTTP endpoints to execute arbitrary operating-system commands. Public exploit code has been released, enabling direct abuse against any reachable instance of the server.
The project maintainers were notified of the issue through public GitHub reports but have not issued a response or patch. The EPSS score remains low and essentially flat at approximately 0.021, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-19933
Vulnerability details
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried…
more
out remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in publicly accessible HTTP interface directly enables exploitation of public-facing application (T1190) and arbitrary command execution via Unix shell (T1059.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents OS command injection by validating inputs to the vulnerable stop_container, remove_container, and pull_image functions in the HTTP interface.
Mandates timely remediation of the specific command injection flaw in suvarchal docker-mcp-server up to version 0.1.0.
Mitigates remote network exploitation by monitoring and controlling access to the exposed HTTP interface.