CVE-2026-5741
Published: 07 April 2026
Summary
CVE-2026-5741 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.7% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly prevents OS command injection by validating inputs to the vulnerable stop_container, remove_container, and pull_image functions in the HTTP interface.
Mandates timely remediation of the specific command injection flaw in suvarchal docker-mcp-server up to version 0.1.0.
Mitigates remote network exploitation by monitoring and controlling access to the exposed HTTP interface.
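One way to apply the input-validation control described above to the three affected operations, as an added example that is not code from docker-mcp-server: each value is checked against a strict allowlist pattern and returned as an argument vector, so no shell ever parses it. The names `buildDockerArgv`, `OPS` and `isRejected`, the 255-character cap and the simplified image-reference pattern are assumptions.

```typescript
// Added example; not code from docker-mcp-server. All names are hypothetical.
type DockerOp = "stop_container" | "remove_container" | "pull_image";

// Docker's container-name grammar; short and full hex IDs also match it.
const CONTAINER_REF = /^[a-zA-Z0-9][a-zA-Z0-9_.-]+$/;
// Conservative subset of image references (assumption, not the full grammar):
// [host[:port]/]path[:tag][@sha256:digest]
const IMAGE_REF = new RegExp(
  "^[a-z0-9]+(?:[._-][a-z0-9]+)*(?::[0-9]+)?" +
  "(?:/[a-z0-9]+(?:[._-][a-z0-9]+)*)*" +
  "(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?" +
  "(?:@sha256:[a-f0-9]{64})?$"
);

// Fixed subcommand plus the only pattern accepted for its single argument.
const OPS: Record<DockerOp, { argv: string[]; pattern: RegExp }> = {
  stop_container: { argv: ["stop"], pattern: CONTAINER_REF },
  remove_container: { argv: ["rm"], pattern: CONTAINER_REF },
  pull_image: { argv: ["pull"], pattern: IMAGE_REF },
};

// Returns the argument vector for the docker CLI, or throws on bad input.
// Both patterns require an alphanumeric first character, so a value can
// never be read as an option (for example "--force").
function buildDockerArgv(op: string, value: unknown): string[] {
  if (!Object.prototype.hasOwnProperty.call(OPS, op)) {
    throw new Error("unsupported operation: " + op);
  }
  const spec = OPS[op as DockerOp];
  if (typeof value !== "string" || value.length > 255 || !spec.pattern.test(value)) {
    throw new Error("rejected argument for " + op);
  }
  return spec.argv.concat(value);
}

// Convenience wrapper for callers that only need a yes/no answer.
function isRejected(op: string, value: unknown): boolean {
  try {
    buildDockerArgv(op, value);
    return false;
  } catch (e) {
    return true;
  }
}
```

The returned array is meant to be passed to `execFile("docker", argv)` from `node:child_process`, which does not spawn a shell by default.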
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection in a publicly accessible HTTP interface directly enables Exploit Public-Facing Application (T1190) and arbitrary command execution via a Unix shell (T1059.004).
NVD Description
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysis
CVE-2026-5741 is an OS command injection vulnerability (CWE-77, CWE-78) in suvarchal docker-mcp-server versions up to 0.1.0. The flaw affects the stop_container, remove_container, and pull_image functions in the src/index.ts file of the HTTP Interface component, enabling malicious command execution on the host system.
The vulnerability is remotely exploitable over the network with low attack complexity, requiring no privileges or user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, base score 7.3). Any unauthenticated remote attacker reaching the HTTP interface can inject OS commands via these functions, potentially compromising the underlying Docker environment and host.
References indicate the project was informed early via GitHub issue (https://github.com/suvarchal/docker-mcp/issues/3) but has not responded or issued patches. A public exploit is available (https://github.com/BruceJqs/public_exp/issues/1), with additional details in VulDB entries (https://vuldb.com/vuln/355748 and related links). No mitigations are currently advised beyond isolating or disabling the affected HTTP interface.
Details
- CWE(s)
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: mcp