DocsGPT - Unauthenticated Remote Code Execution
A vulnerability that could result in Remote Code Execution (RCE) has been found in DocsGPT. Due to improper parsing of JSON data using eval, an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint. This issue affects DocsGPT from 0.8.1 through 0.12.0. id:...
CVE-2026-26015
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing either the official DocsGPT website or any local and public deployment can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE)...
CVE-2026-26015
DocsGPT (0.15.0–0.15.x) contains a remote code execution flaw via the Model Context Protocol (MCP) STDIO interface. An attacker can craft a payload through the DocsGPT website or any deployment that bypasses the MCP test, enabling arbitrary OS command execution. The issue is patchable by upgradin...
CVE-2026-26015 Unauthenticated RCE in DocsGPT MCP STDIO Configuration
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing either the official DocsGPT website or any local and public deployment can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE)...
DocsGPT Command Injection Vulnerability
DocsGPT is a cutting-edge open-source solution developed by Arc53. It simplifies the process of finding information in project documents. In versions 0.15.0 to 0.16.0 of DocsGPT, there was a command injection vulnerability. This vulnerability stemmed from bypassing MCP testing behaviors, which...
PT-2026-35960
Name of the Vulnerable Software and Affected Versions: DocsGPT versions 0.15.0 through 0.15.x. Description: An attacker accessing the official website or any local and public deployment can craft a malicious payload that bypasses the "MCP test" behavior to achieve arbitrary remote code execution (RCE)...
EUVD-2024-29338
Malicious code in bioql PyPI...
DocsGPT Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible DocsGPT instance on the target application. DocsGPT is an open-source genAI tool that helps users get answers from knowledge sources. This detection is included in the AI and LLM category. No...
DocsGPT 0.8.1 < 0.13.0 Unauthenticated Remote Code Execution
DocsGPT is vulnerable to an attack allowing an unauthenticated attacker to execute arbitrary code via a specially forged request on the '/api/remote' endpoint. This detection is included in the AI and LLM category. No source data...
VulnCheck KEV: CVE-2025-0868
A vulnerability that could result in Remote Code Execution (RCE) has been found in DocsGPT. Due to improper parsing of JSON data using eval, an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0...
Exploit for CVE-2025-0868
Penetration Testing Project Report: Exploiting CVE-2025-0868...
CVE-2024-31451
DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1...
DocsGPT 0.12.0 Remote Code Execution
DocsGPT version 0.12.0 suffers from a remote code execution vulnerability. Exploit Title: DocsGPT 0.12.0 - Remote Code Execution | Date: 09/04/2025 | Exploit Author: Shreyas Malhotra OSMSEC | Vendor Homepage: https://github.com/arc53/docsgpt | Software Link:...
DocsGPT 0.12.0 - Remote Code Execution
Exploit Title: DocsGPT 0.12.0 - Remote Code Execution | Date: 09/04/2025 | Exploit Author: Shreyas Malhotra OSMSEC | Vendor Homepage: https://github.com/arc53/docsgpt | Software Link: https://github.com/arc53/DocsGPT/archive/refs/tags/0.12.0.zip | Version: 0.8.1 through 0.12.0 | Tested on: Debian Linux/Ubunt...
CVE-2025-0868
A vulnerability that could result in Remote Code Execution (RCE) has been found in DocsGPT. Due to improper parsing of JSON data using eval, an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0...
GHSA-9GFF-5V8W-X922 DocsGPT Allows Remote Code Execution
A vulnerability that could result in Remote Code Execution (RCE) has been found in DocsGPT. Due to improper parsing of JSON data using eval, an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0...
DocsGPT Allows Remote Code Execution
A vulnerability that could result in Remote Code Execution (RCE) has been found in DocsGPT. Due to improper parsing of JSON data using eval, an unauthorized attacker could send arbitrary Python code to be executed via the /api/remote endpoint. This issue affects DocsGPT: from 0.8.1 through 0.12.0...