CVSS 7.3 · HIGH

CVE-2026-7061

A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. It affects some unknown functionality in the file src/services/docker.service.ts of the MCP/HTTP component. Manipulation of this functionality causes OS command injection. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Analysis

This is an OS command injection vulnerability in a small, experimental implementation of a ChatGPT MCP server. While the bug is critical and has public exploits, the software is a niche project with limited adoption, not meeting the threshold for a broad community alert.

Severity

Score: 7.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness type (CWE): CWE-77, CWE-78

EPSS

Exploitation probability (next 30 days): 0.0176 (1.8%)
Percentile: 82.7%
EPSS: 2026-05-06

Published: 26/4/2026, 22:17:33
Last modified: 29/4/2026, 1:00:01
