suvarchal docker-mcp-server HTTP index.ts pull_image os command injection_CVE-2026-5741

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-5741

Source VulDB

Published Apr 7, 2026 at 20:00

Modified Apr 7, 2026 at 20:34

Affected Product

Vendor suvarchal

Product docker-mcp-server

Version 0.1.0

Affected Versions suvarchal docker-mcp-server 0.1.0

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-04-07T20:00:21.096Z",
    "modified": "2026-04-07T20:34:17.286Z",
    "type": "cve",
    "title": "suvarchal docker-mcp-server HTTP index.ts pull_image os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/355748\nhttps://vuldb.com/vuln/355748/cti\nhttps://vuldb.com/submit/786948\nhttps://github.com/suvarchal/docker-mcp/issues/3\nhttps://github.com/BruceJqs/public_exp/issues/1",
    "id": "CVE-2026-5741",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "suvarchal docker-mcp-server 0.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "docker-mcp-server",
    "version": "0.1.0",
    "vendor": "suvarchal",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}