CVE-2026-5327
Received Received - Intake
Remote Command Injection in efforthye fast-filesystem-mcp handleGetDiskUsage

Publication date: 2026-04-02

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5327
EUVD
EUVD-2026-18202
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
efforthye fast-filesystem-mcp to 3.5.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5327 is a command injection vulnerability in the fast-filesystem-mcp project, specifically affecting the MCP server tools fast_get_disk_usage, fast_compress_files, and fast_extract_archive. The issue arises because these tools use Node.js's child_process.execAsync function unsafely by directly embedding user-controlled input parameters into shell commands without proper validation or sanitization.

This unsafe practice allows attackers to inject shell metacharacters (such as ;, &, |) into input parameters, which the system shell interprets as additional commands. As a result, an attacker can remotely execute arbitrary shell commands on the server running the MCP service.

The vulnerable code is located in src/index.ts at specific lines where command strings are constructed and executed without proper input handling. No patched versions are currently available.

Impact Analysis

Exploitation of this vulnerability allows an attacker to remotely execute arbitrary commands on the host server running the MCP service with the privileges of the MCP server process.

  • Attackers can gain unauthorized access to sensitive data stored on the server.
  • They can modify or delete files and system configurations.
  • The attacker may further compromise the system or use it as a foothold for additional attacks.

The risk is especially high in environments where large language model-generated tool parameters influenced by external content are used, as these may trigger command injection without direct user interaction.

Detection Guidance

This vulnerability can be detected by attempting to exploit the command injection flaw in the fast_get_disk_usage tool by injecting shell metacharacters into the path parameter and verifying if arbitrary commands execute.

A proof of concept involves running the MCP server and using the MCP Inspector to invoke the fast_get_disk_usage tool with a specially crafted path input that includes shell commands.

  • Start the MCP server by running: npm install && npm run build
  • Launch the MCP Inspector: npx @modelcontextprotocol/inspector
  • Configure the Inspector with transport type STDIO, command node, and arguments dist/index.js, then connect.
  • Select the fast_get_disk_usage tool.
  • Input a path parameter with an injected command, for example: D:\claude-projects\fast-filesystem-mcp"&whoami > poc.txt
  • Run the tool and then check if the file poc.txt was created and contains the output of the injected command (e.g., the username).
Mitigation Strategies

Immediate mitigation steps include avoiding the use of execAsync or execSync functions that execute shell commands constructed by concatenating user input.

Instead, use execFileSync or execFile, which allow specifying the command and its arguments as separate parameters, preventing shell interpretation of input.

Additionally, implement strict input validation and sanitization on all parameters exposed to MCP clients, especially path, output_path, archive_path, and extract_to.

Enforce parameter separation with proper escaping to prevent injection attacks.

Compliance Impact

The vulnerability allows remote attackers to execute arbitrary commands on the MCP server hosting the fast-filesystem-mcp package. This can lead to unauthorized access to sensitive data and system modification.

Such unauthorized access and potential data compromise could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive information and maintaining system integrity.

However, the provided information does not explicitly discuss compliance impacts or specific regulatory considerations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5327. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart