CVE-2026-5602

🗓️ 05 Apr 2026 22:15:15Reported by VulDBType

CVE-2026-5602 enables local command injection via registerTools in new_heim_application.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2026-5602	5 Apr 202622:15	–	attackerkb
Circl	CVE-2026-5602	5 Apr 202623:21	–	circl
CNNVD	Heim MCP 操作系统命令注入漏洞	5 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-5602 Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection	5 Apr 202622:15	–	cvelist
EUVD	EUVD-2026-19134	6 Apr 202600:30	–	euvd
Github Security Blog	@nor2/heim-mcp vulnerable to command injection	6 Apr 202600:30	–	github
NVD	CVE-2026-5602	5 Apr 202623:16	–	nvd
OSV	GHSA-WX4P-JR66-JFP9 @nor2/heim-mcp vulnerable to command injection	6 Apr 202600:30	–	osv
Positive Technologies	PT-2026-30512	5 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-5602	6 Apr 202622:59	–	redhatcve

Vulners

Node

nor2-io heim-mcpMatch0.1.0

nor2-io heim-mcpMatch0.1.1

nor2-io heim-mcpMatch0.1.2

nor2-io heim-mcpMatch0.1.3

[
  {
    "vendor": "Nor2-io",
    "product": "heim-mcp",
    "versions": [
      {
        "version": "0.1.0",
        "status": "affected"
      },
      {
        "version": "0.1.1",
        "status": "affected"
      },
      {
        "version": "0.1.2",
        "status": "affected"
      },
      {
        "version": "0.1.3",
        "status": "affected"
      }
    ],
    "modules": [
      "new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud"
    ]
  }
]

Source	Link
github	www.github.com/Nor2-io/heim-mcp/pull/2
github	www.github.com/Nor2-io/heim-mcp/issues/1
github	www.github.com/Nor2-io/heim-mcp/
vuldb	www.vuldb.com/submit/784862
vuldb	www.vuldb.com/vuln/355394/cti
vuldb	www.vuldb.com/vuln/355394
github	www.github.com/user-attachments/files/25889482/heim-mcp_bug.pdf
github	www.github.com/Nor2-io/heim-mcp/commit/c321d8af25f77668781e6ccb43a1336f9185df37

29 Apr 2026 01:00Current

5.7Medium risk

Vulners AI Score5.7

CVSS 24.3

CVSS 44.8

CVSS 3.15.3

CVSS 35.3

EPSS0.00103

SSVC