4 matches found
CVE-2026-5007
A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to OS command injection. The attack needs to be performed locally. The exploit is publicly...
CVE-2026-5007 kazuph mcp-docs-rag add_git_repository/add_text_file index.ts cloneRepository os command injection
A vulnerability was identified in kazuph mcp-docs-rag up to 0.5.0. Affected is the function cloneRepository of the file src/index.ts of the component add_git_repository/add_text_file. The manipulation leads to OS command injection. The attack needs to be performed locally. The exploit is publicly...
mcp-docs-rag MCP Server operating system command injection vulnerability
The mcp-docs-rag MCP Server is a RAG Q&A server developed by Kazuhiro Homma, based on local documentation. Versions of the mcp-docs-rag MCP Server prior to 0.5.0 contained an operating system command injection vulnerability. This vulnerability stems from the cloneRepository function in the...
PT-2026-28723
Name of the Vulnerable Software and Affected Versions: kazuph mcp-docs-rag versions up to 0.5.0. Description: A flaw exists in the cloneRepository function within the src/index.ts file of the add_git_repository/add_text_file component. This issue allows for operating system command injection,...