CVE-2026-26015
Received - Intake
Arbitrary Remote Code Execution in DocsGPT

Publication date: 2026-04-29

Last updated on: 2026-05-06

Assigner: GitHub, Inc.

Description
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker with access to either the official DocsGPT website or any local or public deployment can craft a malicious payload that bypasses the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.
Meta Information
Published: 2026-04-29
Last Modified: 2026-05-06
Generated: 2026-05-07
AI Q&A: 2026-04-29
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: arc53
Product: docsgpt
Version / Range: 0.15.0
CWE
CWE ID: CWE-77
Description: The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects DocsGPT, a GPT-powered chat for documentation, in versions from 0.15.0 up to but not including 0.16.0. An attacker who can access either the official DocsGPT website or any local or public deployment can craft a malicious payload that bypasses the "MCP test" security mechanism. By doing so, the attacker can achieve arbitrary remote code execution (RCE), meaning they can run any code they choose on the affected system.


How can this vulnerability impact me?

The vulnerability allows an attacker to execute arbitrary code remotely without any privileges or user interaction. This can lead to complete compromise of the affected system, including unauthorized access, data theft, system manipulation, or further attacks within the network.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade DocsGPT to version 0.16.0 or later, where the issue has been patched.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

CVE-2026-26015 is a critical unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands on affected DocsGPT instances. This can lead to full system compromise, including data exfiltration and lateral movement.

Such a vulnerability poses significant risks to the confidentiality, integrity, and availability of data processed or stored by DocsGPT. Consequently, it can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive personal and health information against unauthorized access and breaches.

Organizations using vulnerable versions of DocsGPT may face challenges in maintaining compliance due to the potential for unauthorized data access and system compromise until the issue is patched.


Can you explain this vulnerability to me?

CVE-2026-26015 is a critical unauthenticated remote code execution (RCE) vulnerability in DocsGPT versions 0.15.0 to 0.15.x. An attacker can bypass security checks by manipulating the "transport_type" parameter to "stdio" in a crafted payload sent to the MCP STDIO configuration. This allows the attacker to execute arbitrary commands on the server without authentication.

The flaw exists because of improper neutralization of special elements in the MCP tool configuration, leading to command injection (CWE-78). It affects the official DocsGPT cloud instance, public deployments, and local instances accessible within the same network.

A proof-of-concept exploit involves sending a malformed JSON payload to the `/api/mcp_server/test` endpoint with the malicious "transport_type" and command parameters. The vulnerability was patched in version 0.16.0.


How can this vulnerability impact me?

This vulnerability can lead to full system compromise, including execution of arbitrary commands on the affected server.

  • Attackers can gain reverse shells, allowing them to control the system remotely.
  • Data exfiltration is possible, risking sensitive information leakage.
  • Attackers may perform lateral movement within the network, compromising other systems.

The CVSS score of 10.0 (Critical) reflects the high impact on confidentiality, integrity, and availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for attempts to send malformed JSON payloads to the `/api/mcp_server/test` endpoint, specifically those manipulating the "transport_type" parameter to "stdio" with embedded command parameters.

A proof-of-concept exploit involves sending such a crafted payload to the vulnerable DocsGPT server. Detection can involve inspecting logs or network traffic for suspicious POST requests to this endpoint.

Suggested commands to detect exploitation attempts include using tools like curl or network monitoring utilities to check for suspicious payloads:

  • curl -X POST http://<target-ip>/api/mcp_server/test -H "Content-Type: application/json" -d '{"transport_type":"stdio","command":"<malicious_command>"}'
  • Use network monitoring tools (e.g., tcpdump, Wireshark) to filter HTTP POST requests to `/api/mcp_server/test` and analyze payload contents for the "transport_type":"stdio" parameter.
  • Check application logs for unusual or malformed JSON payloads targeting the MCP STDIO configuration.
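
The log and traffic inspection described above can be automated. The following is an added example, not code from DocsGPT or from this page's source: it classifies captured requests to `/api/mcp_server/test` and flags bodies that set "transport_type" to "stdio", including malformed JSON. It assumes a proxy or WAF that records request bodies; the sample records are constructed, and the handling of nested objects, escaped values and duplicate keys goes beyond the single case the text mentions.

```python
import json
import re

ENDPOINT = "/api/mcp_server/test"  # endpoint named on this page
# Textual fallback for bodies that do not parse as JSON.
STDIO_RE = re.compile(r'"transport_type"\s*:\s*"stdio"', re.IGNORECASE)

# Constructed (method, path, body) records; assumes a proxy or WAF that
# captures request bodies. Field values are placeholders, not real payloads.
SAMPLE_REQUESTS = [
    ("POST", ENDPOINT, '{"transport_type": "http"}'),
    ("POST", ENDPOINT, '{"transport_type":"stdio","command":"<placeholder>"}'),
    ("POST", ENDPOINT + "?x=1",
     '{"config": {"transport_type": "st\\u0064io", "command": "<placeholder>"}}'),
    ("POST", ENDPOINT, '{"transport_type":"stdio","command":"<placeholder>"'),
    ("GET", "/index.html", ""),
    ("POST", ENDPOINT, "not json"),
]


def has_stdio(node):
    """True if a dict at any depth sets transport_type to "stdio"."""
    if isinstance(node, dict):
        value = node.get("transport_type")
        if isinstance(value, str) and value.strip().lower() == "stdio":
            return True
        return any(has_stdio(v) for v in node.values())
    if isinstance(node, list):
        return any(has_stdio(v) for v in node)
    return False


def classify(method, path, body):
    """Return None for unrelated traffic, otherwise a finding label."""
    if method.upper() != "POST" or path.split("?", 1)[0].rstrip("/") != ENDPOINT:
        return None
    body = body or ""
    try:
        parsed = json.loads(body)
    except json.JSONDecodeError:
        return "stdio-malformed-json" if STDIO_RE.search(body) else "malformed-json"
    # Raw-text match also catches duplicate keys hidden by the JSON parser.
    return "stdio-transport" if has_stdio(parsed) or STDIO_RE.search(body) else "benign"


def scan(requests):
    """Return (index, label) for every request worth an analyst's attention."""
    labelled = ((i, classify(*r)) for i, r in enumerate(requests))
    return [(i, lab) for i, lab in labelled if lab not in (None, "benign")]
```

On an instance still running a version before 0.16.0, any "stdio-transport" or "stdio-malformed-json" finding should be treated as a possible compromise and investigated on the host.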

What immediate steps should I take to mitigate this vulnerability?

The immediate and most effective mitigation is to upgrade DocsGPT to version 0.16.0 or later, where this vulnerability has been patched.

If upgrading immediately is not possible, restrict access to the DocsGPT service, especially the `/api/mcp_server/test` endpoint, by limiting network exposure and applying firewall rules to prevent unauthorized access.

Monitor logs and network traffic for exploitation attempts and consider temporarily disabling or restricting the MCP STDIO configuration if feasible.

