CVE 10 CRITICAL

Unauthenticated RCE in DocsGPT MCP STDIO Configuration_CVE-2026-26015

April 29, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.

AI Analysis

Unauthenticated remote code execution vulnerability in DocsGPT

Basic Information

ID CVE-2026-26015

Source GitHub_M

Published Apr 29, 2026 at 17:37

Affected Product

Vendor arc53

Product DocsGPT

Version >= 0.15.0, < 0.16.0

Affected Versions arc53 DocsGPT >= 0.15.0, < 0.16.0

CWE Classification

CWE-77

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor arc53

Product DocsGPT

Version 0.15.0 to 0.16.0

References

{
    "lastseen": "",
    "description": "DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the \"MCP test\" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.",
    "published": "2026-04-29T17:37:25.524Z",
    "modified": "2026-04-29T17:37:25.524Z",
    "type": "cve",
    "title": "Unauthenticated RCE in DocsGPT MCP STDIO Configuration",
    "source": "GitHub_M",
    "references": "https://github.com/arc53/DocsGPT/security/advisories/GHSA-gcrq-f296-2j74\nhttps://github.com/arc53/DocsGPT/releases/tag/0.16.0",
    "id": "CVE-2026-26015",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "arc53 DocsGPT >= 0.15.0, < 0.16.0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DocsGPT",
    "version": ">= 0.15.0, < 0.16.0",
    "vendor": "arc53",
    "ai_description": "Unauthenticated remote code execution vulnerability in DocsGPT",
    "ai_severity": "Critical",
    "ai_vendor": "arc53",
    "ai_product": "DocsGPT",
    "ai_version": "0.15.0 to 0.16.0",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply