CVSS 9.8 · CRITICAL

CVE-2026-26015

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker with access to either the official DocsGPT website or any local or public deployment can craft a malicious payload that bypasses the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.


Analysis

DocsGPT versions 0.15.0 through 0.15.x are vulnerable to a critical command injection flaw that allows unauthenticated remote code execution (RCE). Anyone running a self-hosted or public deployment of this tool should upgrade to version 0.16.0 immediately to prevent attackers from taking control of the server.

Severity

Score: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-77

EPSS

Probability of exploitation (next 30 days): 0.0028 (0.3%)
Percentile: 51.6%
EPSS score date: 2026-05-06

Affects

arc53:docsgpt


Published: 4/29/2026, 6:16:03 PM
Last modified: 5/6/2026, 8:16:31 PM
