CVE-2026-26015
Received Received - Intake
Arbitrary Remote Code Execution in DocsGPT

Publication date: 2026-04-29

Last updated on: 2026-05-06

Assigner: GitHub, Inc.

Description
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-29
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-04-29
EPSS Evaluated
2026-06-15
NVD
CVE-2026-26015
EUVD
EUVD-2026-26258
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
arc53 docsgpt 0.15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects DocsGPT, a GPT-powered chat for documentation, in versions from 0.15.0 up to but not including 0.16.0. An attacker who can access either the official DocsGPT website or any local or public deployment can craft a malicious payload that bypasses the "MCP test" security mechanism. By doing so, the attacker can achieve arbitrary remote code execution (RCE), meaning they can run any code they choose on the affected system.

Executive Summary

CVE-2026-26015 is a critical unauthenticated remote code execution (RCE) vulnerability in DocsGPT versions 0.15.0 to 0.15.x. An attacker can bypass security checks by manipulating the "transport_type" parameter to "stdio" in a crafted payload sent to the MCP STDIO configuration. This allows the attacker to execute arbitrary commands on the server without authentication.

The flaw exists because of improper neutralization of special elements in the MCP tool configuration, leading to command injection (CWE-78). It affects the official DocsGPT cloud instance, public deployments, and local instances accessible within the same network.

A proof-of-concept exploit involves sending a malformed JSON payload to the `/api/mcp_server/test` endpoint with the malicious "transport_type" and command parameters. The vulnerability was patched in version 0.16.0.

Impact Analysis

This vulnerability can lead to full system compromise, including execution of arbitrary commands on the affected server.

  • Attackers can gain reverse shells, allowing them to control the system remotely.
  • Data exfiltration is possible, risking sensitive information leakage.
  • Attackers may perform lateral movement within the network, compromising other systems.

The CVSS score of 10.0 (Critical) reflects the high impact on confidentiality, integrity, and availability.

Detection Guidance

This vulnerability can be detected by monitoring for attempts to send malformed JSON payloads to the `/api/mcp_server/test` endpoint, specifically those manipulating the "transport_type" parameter to "stdio" with embedded command parameters.

A proof-of-concept exploit involves sending such a crafted payload to the vulnerable DocsGPT server. Detection can involve inspecting logs or network traffic for suspicious POST requests to this endpoint.

Suggested commands to detect exploitation attempts include using tools like curl or network monitoring utilities to check for suspicious payloads:

  • curl -X POST http://<target-ip>/api/mcp_server/test -H "Content-Type: application/json" -d '{"transport_type":"stdio","command":"<malicious_command>"}'
  • Use network monitoring tools (e.g., tcpdump, Wireshark) to filter HTTP POST requests to `/api/mcp_server/test` and analyze payload contents for the "transport_type":"stdio" parameter.
  • Check application logs for unusual or malformed JSON payloads targeting the MCP STDIO configuration.
Mitigation Strategies

The immediate and most effective mitigation is to upgrade DocsGPT to version 0.16.0 or later, where this vulnerability has been patched.

If upgrading immediately is not possible, restrict access to the DocsGPT service, especially the `/api/mcp_server/test` endpoint, by limiting network exposure and applying firewall rules to prevent unauthorized access.

Monitor logs and network traffic for exploitation attempts and consider temporarily disabling or restricting the MCP STDIO configuration if feasible.

Impact Analysis

The vulnerability allows an attacker to execute arbitrary code remotely without any privileges or user interaction. This can lead to complete compromise of the affected system, including unauthorized access, data theft, system manipulation, or further attacks within the network.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade DocsGPT to version 0.16.0 or later, where the issue has been patched.

Compliance Impact

CVE-2026-26015 is a critical unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands on affected DocsGPT instances. This can lead to full system compromise, including data exfiltration and lateral movement.

Such a vulnerability poses significant risks to the confidentiality, integrity, and availability of data processed or stored by DocsGPT. Consequently, it can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive personal and health information against unauthorized access and breaches.

Organizations using vulnerable versions of DocsGPT may face challenges in maintaining compliance due to the potential for unauthorized data access and system compromise until the issue is patched.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-26015. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart