Lucene search
K

42 matches found

Nuclei
Nuclei
added yesterday48 views

DocsGPT - Unauthenticated Remote Code Execution

A vulnerability, that could result in Remote Code Execution RCE, has been found in DocsGPT. Due to improper parsing of JSON data using eval an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.This issue affects DocsGPT- from 0.8.1 through 0.12.0. id:...

9.3CVSS7.2AI score0.15099EPSS
Exploits3References3
NVD
NVD
added 2026/06/28 7:16 a.m.13 views

CVE-2026-13483

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...

3.1CVSS0.00095EPSS
Exploits0References7
OSV
OSV
added 2026/06/28 5:45 a.m.2 views

CVE-2026-13483 arc53 DocsGPT Credential Storage encryption.py encrypt_credentials data authenticity

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...

2.3CVSS4.9AI score0.00095EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/28 5:45 a.m.7 views

CVE-2026-13483

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...

3.1CVSS4.9AI score0.00095EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/06/28 5:45 a.m.8 views

EUVD-2026-39983

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...

3.1CVSS4.9AI score0.00095EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/28 5:45 a.m.34 views

CVE-2026-13483 arc53 DocsGPT Credential Storage encryption.py encrypt_credentials data authenticity

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...

3.1CVSS0.00095EPSS
Exploits0References7
CVE
CVE
added 2026/06/28 5:45 a.m.19 views

CVE-2026-13483

The CVE affects arc53 DocsGPT (up to 0.18.0). The vulnerability lies in the Credential Storage component, specifically the encrypt_credentials function in application/security/encryption.py, causing insufficient verification of data authenticity. Exploitation is possible remotely with high attack...

3.1CVSS4.9AI score0.00095EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53095

Name of the Vulnerable Software and Affected Versions arc53 DocsGPT versions prior to 0.18.1 Description An issue exists in the Credential Storage component within the encrypt credentials function of the application/security/encryption.py file. This flaw leads to insufficient verification of data...

3.1CVSS5.6AI score0.00095EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-46955

Six live production platforms were compromised during responsible disclosure testing. LiteLLM CVE-2026-30623, Critical, patched, Windsurf CVE-2026-30615, Critical, reported, Bisheng CVE-2026-33224, Critical, patched, and DocsGPT CVE-2026-26015, Critical, patched…...

10CVSS5.7AI score0.01168EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/06 8:21 p.m.11 views

CVE-2026-26015

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution RCE...

10CVSS6.7AI score0.01168EPSS
Exploits1References1
NVD
NVD
added 2026/04/29 6:16 p.m.6 views

CVE-2026-26015

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution RCE...

10CVSS0.01168EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/29 5:37 p.m.5 views

CVE-2026-26015 Unauthenticated RCE in DocsGPT MCP STDIO Configuration

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution RCE...

10CVSS6.8AI score0.01168EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/29 5:37 p.m.4 views

CVE-2026-26015

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution RCE...

10CVSS6.7AI score0.01168EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/29 5:37 p.m.35 views

CVE-2026-26015 Unauthenticated RCE in DocsGPT MCP STDIO Configuration

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution RCE...

10CVSS0.01168EPSS
Exploits1References2
OSV
OSV
added 2026/04/29 5:37 p.m.4 views

CVE-2026-26015 Unauthenticated RCE in DocsGPT MCP STDIO Configuration

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution RCE...

10CVSS6.8AI score0.01168EPSS
Exploits1References6
CVE
CVE
added 2026/04/29 5:37 p.m.24 views

CVE-2026-26015

DocsGPT (0.15.0–0.15.x) contains a remote code execution flaw via the Model Context Protocol (MCP) STDIO interface. An attacker can craft a payload through the DocsGPT website or any deployment that bypasses the MCP test, enabling arbitrary OS command execution. The issue is patchable by upgradin...

10CVSS6.7AI score0.01168EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.10 views

DocsGPT 命令注入漏洞

DocsGPT is a cutting-edge open-source solution developed by Arc53. It simplifies the process of finding information in project documents. In versions 0.15.0 to 0.16.0 of DocsGPT, there was a command injection vulnerability. This vulnerability stemmed from bypassing MCP testing behaviors, which...

10CVSS6.3AI score0.01168EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.11 views

PT-2026-35960

Name of the Vulnerable Software and Affected Versions DocsGPT versions 0.15.0 through 0.15.x Description An attacker accessing the official website or any local and public deployment can craft a malicious payload that bypasses the "MCP test" behavior to achieve arbitrary remote code execution RCE...

10CVSS6.8AI score0.01168EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-29338

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00575EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/07/03 12:0 a.m.5 views

DocsGPT Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible DocsGPT instance on the target application. DocsGPT is an open-source genAI tool that helps users get answers from knowledge source. This detection is included in the AI and LLM category. No...

7.2AI score
Exploits0References2
Rows per page
Query Builder