Cyber Resilience

CVE-2026-5741

Medium

Published: 07 April 2026

Modified: 27 April 2026
CVSS Score v4: 6.9
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0212 (84.5th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-5741 is a medium-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 15.5% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A weakness has been identified in suvarchal docker-mcp-server up to version 0.1.0 within the stop_container, remove_container, and pull_image functions of the HTTP interface component in src/index.ts. The flaw permits OS command injection and is tracked under CWE-77 and CWE-78, with a CVSS 4.0 score of 6.9 reflecting network-accessible attack conditions without authentication or user interaction.

Remote, unauthenticated attackers can supply crafted input to the affected HTTP endpoints to execute arbitrary operating-system commands. Public exploit code has been released, enabling direct abuse against any reachable instance of the server.

The project maintainers were notified of the issue through public GitHub reports but have not issued a response or patch. The EPSS score remains low and essentially flat at approximately 0.021, indicating limited observed exploitation interest to date.

EU & UK References

Vulnerability details

A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

AI Security Analysis

AI Category: AI Agent Protocols and Integrations
Risk Domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

OS command injection in a publicly accessible HTTP interface directly enables exploitation of a public-facing application (T1190) and arbitrary command execution via a Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7066: Shared CWE-77, CWE-78
CVE-2026-7446: Shared CWE-77, CWE-78
CVE-2026-7416: Shared CWE-77, CWE-78
CVE-2026-7220: Shared CWE-77, CWE-78
CVE-2026-9454: Shared CWE-77, CWE-78
CVE-2026-6116: Shared CWE-77, CWE-78
CVE-2026-6158: Shared CWE-77, CWE-78
CVE-2026-7138: Shared CWE-77, CWE-78
CVE-2025-9387: Shared CWE-77, CWE-78
CVE-2025-15472: Shared CWE-77, CWE-78

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent

Directly prevents OS command injection by validating inputs to the vulnerable stop_container, remove_container, and pull_image functions in the HTTP interface.

prevent

Mandates timely remediation of the specific command injection flaw in suvarchal docker-mcp-server up to version 0.1.0.

prevent

Mitigates remote network exploitation by monitoring and controlling access to the exposed HTTP interface.
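
One way to apply the input-validation control to the three affected tool names, as an added example that is not the project's code. The page does not show src/index.ts, so `buildDockerArgv`, `isRejected`, the `RULES` table and the allow-list patterns are all assumptions.

```typescript
// Added example. All names here are hypothetical; src/index.ts is not shown on the page.
// Allow-list for container IDs/names: must start alphanumeric, so never with "-".
const CONTAINER_REF = /^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,127}$/;

// Conservative image reference: [registry[:port]/]path[:tag][@sha256:digest]
const IMAGE_REF = new RegExp(
  "^(?:[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?(?::[0-9]{1,5})?/)?" +        // registry
  "[a-z0-9]+(?:[._-][a-z0-9]+)*(?:/[a-z0-9]+(?:[._-][a-z0-9]+)*)*" + // path
  "(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?" +                        // tag
  "(?:@sha256:[a-f0-9]{64})?$"                                       // digest
);

// Tool name -> docker subcommand and the pattern its single argument must match.
const RULES: Record<string, { sub: string; pattern: RegExp }> = {
  stop_container: { sub: "stop", pattern: CONTAINER_REF },
  remove_container: { sub: "rm", pattern: CONTAINER_REF },
  pull_image: { sub: "pull", pattern: IMAGE_REF },
};

// Returns an argument vector for the docker CLI, or throws.
// Intended use: child_process.execFile("docker", argv), which passes each
// element as one argument and does not start a shell by default, so shell
// metacharacters in a value are never interpreted.
function buildDockerArgv(tool: string, value: unknown): string[] {
  if (!Object.prototype.hasOwnProperty.call(RULES, tool)) {
    throw new Error("unknown tool");
  }
  const rule = RULES[tool];
  if (typeof value !== "string" || value.length > 255 || !rule.pattern.test(value)) {
    throw new Error(`rejected argument for ${tool}`);
  }
  return [rule.sub, value];
}

// Convenience wrapper for logging or tests: true when the input is refused.
function isRejected(tool: string, value: unknown): boolean {
  try {
    buildDockerArgv(tool, value);
    return false;
  } catch {
    return true;
  }
}

// Constructed sample inputs, not taken from any report.
console.log(buildDockerArgv("stop_container", "web-1"));
console.log(isRejected("pull_image", "nginx:latest; id"));
```

Validation alone is the SI-10 half; the flaw itself still needs the SI-2 fix of removing any string-built shell command from the handlers.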

References