CVE-2026-5621
OS Command Injection in ChrisChinchilla Vale-MCP HTTP Interface
Publication date: 2026-04-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrischinchilla | vale-mcp | to 0.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5621 is a command injection vulnerability found in ChrisChinchilla Vale-MCP versions up to 0.1.0. It occurs because user input, specifically the argument 'config_path', is passed without proper sanitization into operating system command execution functions within the code. This allows an attacker to inject and execute arbitrary shell commands on the server hosting the application.
The vulnerable code is located in the files src/index.ts and src/vale-runner.ts, where commands are executed using functions like exec and execAsync. An attacker can exploit this by sending specially crafted requests to the MCP/HTTP interface, causing the server to run malicious commands.
This vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command) and requires local or network access to the vulnerable endpoints. The exploit has been publicly disclosed.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to arbitrary command execution on the affected server with the privileges of the server process. This can result in full host compromise.
- Exposure of sensitive data (confidentiality loss)
- Modification or destruction of data (integrity loss)
- Disruption of service availability
Overall, the vulnerability poses a high security risk, potentially allowing attackers to take control of the server, access or alter data, and disrupt operations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to exploit the command injection via the vulnerable MCP/HTTP endpoints or tool handlers that accept the config_path parameter or similar arguments.
A proof-of-concept involves sending JSON-RPC requests invoking the tools/call method with crafted config_path values containing shell commands such as ";touch poc.txt;#" to create a file on the server, confirming command injection.
Detection commands could include sending crafted HTTP requests to the MCP/HTTP interface that include payloads designed to execute simple commands like creating a file or listing directories.
- Use curl or similar tools to send a JSON-RPC request with a malicious config_path, for example: curl -X POST http://<target>/rpc -d '{"method":"tools/call","params":{"config_path":";touch poc.txt;#"}}'
- Check the server filesystem for the presence of files like poc.txt created by the injected command.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing or disabling the vulnerable functionality that executes shell commands with unsanitized input.
Replace free-form command execution with fixed allowlists and validated argument schemas to prevent injection.
Prefer using argument-array process execution methods that do not invoke a shell interpreter.
Add authentication, authorization, logging, and rate limiting on sensitive MCP/HTTP handlers to reduce exposure.
Implement strict input schema validation at MCP/HTTP boundaries to block attacker-controlled values from reaching OS command execution.
Monitor for suspicious activity and consider isolating or restricting network access to the vulnerable service until a patch is available.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows arbitrary OS command execution on the server hosting the affected software, which can lead to full host compromise including data exposure, integrity loss, and service disruption.
Such impacts can result in violations of data protection and security requirements mandated by common standards and regulations like GDPR and HIPAA, which require safeguarding confidentiality, integrity, and availability of sensitive data.
Therefore, exploitation of this vulnerability could lead to non-compliance with these regulations due to unauthorized data access or alteration and potential service outages.