42 matches found
DocsGPT - Unauthenticated Remote Code Execution
A vulnerability, that could result in Remote Code Execution RCE, has been found in DocsGPT. Due to improper parsing of JSON data using eval an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.This issue affects DocsGPT- from 0.8.1 through 0.12.0. id:...
CVE-2026-13483
A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...
CVE-2026-13483 arc53 DocsGPT Credential Storage encryption.py encrypt_credentials data authenticity
A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...
CVE-2026-13483
A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...
EUVD-2026-39983
A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...
CVE-2026-13483 arc53 DocsGPT Credential Storage encryption.py encrypt_credentials data authenticity
A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encryptcredentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the...
CVE-2026-13483
The CVE affects arc53 DocsGPT (up to 0.18.0). The vulnerability lies in the Credential Storage component, specifically the encrypt_credentials function in application/security/encryption.py, causing insufficient verification of data authenticity. Exploitation is possible remotely with high attack...
PT-2026-53095
Name of the Vulnerable Software and Affected Versions arc53 DocsGPT versions prior to 0.18.1 Description An issue exists in the Credential Storage component within the encrypt credentials function of the application/security/encryption.py file. This flaw leads to insufficient verification of data...
PT-2026-46955
Six live production platforms were compromised during responsible disclosure testing. LiteLLM CVE-2026-30623, Critical, patched, Windsurf CVE-2026-30615, Critical, reported, Bisheng CVE-2026-33224, Critical, patched, and DocsGPT CVE-2026-26015, Critical, patched…...
CVE-2026-26015
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution RCE...
CVE-2026-26015
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution RCE...
CVE-2026-26015 Unauthenticated RCE in DocsGPT MCP STDIO Configuration
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution RCE...
CVE-2026-26015
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution RCE...
CVE-2026-26015 Unauthenticated RCE in DocsGPT MCP STDIO Configuration
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution RCE...
CVE-2026-26015 Unauthenticated RCE in DocsGPT MCP STDIO Configuration
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution RCE...
CVE-2026-26015
DocsGPT (0.15.0–0.15.x) contains a remote code execution flaw via the Model Context Protocol (MCP) STDIO interface. An attacker can craft a payload through the DocsGPT website or any deployment that bypasses the MCP test, enabling arbitrary OS command execution. The issue is patchable by upgradin...
DocsGPT 命令注入漏洞
DocsGPT is a cutting-edge open-source solution developed by Arc53. It simplifies the process of finding information in project documents. In versions 0.15.0 to 0.16.0 of DocsGPT, there was a command injection vulnerability. This vulnerability stemmed from bypassing MCP testing behaviors, which...
PT-2026-35960
Name of the Vulnerable Software and Affected Versions DocsGPT versions 0.15.0 through 0.15.x Description An attacker accessing the official website or any local and public deployment can craft a malicious payload that bypasses the "MCP test" behavior to achieve arbitrary remote code execution RCE...
EUVD-2024-29338
Malicious code in bioql PyPI...
DocsGPT Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible DocsGPT instance on the target application. DocsGPT is an open-source genAI tool that helps users get answers from knowledge source. This detection is included in the AI and LLM category. No...