Executive Summary

CVE-2026-5621 is a command injection vulnerability found in ChrisChinchilla Vale-MCP versions up to 0.1.0. It occurs because user input, specifically the argument 'config_path', is passed without proper sanitization into operating system command execution functions within the code. This allows an attacker to inject and execute arbitrary shell commands on the server hosting the application.

The vulnerable code is located in the files src/index.ts and src/vale-runner.ts, where commands are executed using functions like exec and execAsync. An attacker can exploit this by sending specially crafted requests to the MCP/HTTP interface, causing the server to run malicious commands.

This vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command) and requires local or network access to the vulnerable endpoints. The exploit has been publicly disclosed.

Useful 0 Not Useful 0

Impact Analysis

Exploitation of this vulnerability can lead to arbitrary command execution on the affected server with the privileges of the server process. This can result in full host compromise.

• Exposure of sensitive data (confidentiality loss)
• Modification or destruction of data (integrity loss)
• Disruption of service availability

Overall, the vulnerability poses a high security risk, potentially allowing attackers to take control of the server, access or alter data, and disrupt operations.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to exploit the command injection via the vulnerable MCP/HTTP endpoints or tool handlers that accept the config_path parameter or similar arguments.

A proof-of-concept involves sending JSON-RPC requests invoking the tools/call method with crafted config_path values containing shell commands such as ";touch poc.txt;#" to create a file on the server, confirming command injection.

Detection commands could include sending crafted HTTP requests to the MCP/HTTP interface that include payloads designed to execute simple commands like creating a file or listing directories.

• Use curl or similar tools to send a JSON-RPC request with a malicious config_path, for example: curl -X POST http://<target>/rpc -d '{"method":"tools/call","params":{"config_path":";touch poc.txt;#"}}'
• Check the server filesystem for the presence of files like poc.txt created by the injected command.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include removing or disabling the vulnerable functionality that executes shell commands with unsanitized input.

Replace free-form command execution with fixed allowlists and validated argument schemas to prevent injection.

Prefer using argument-array process execution methods that do not invoke a shell interpreter.

Add authentication, authorization, logging, and rate limiting on sensitive MCP/HTTP handlers to reduce exposure.

Implement strict input schema validation at MCP/HTTP boundaries to block attacker-controlled values from reaching OS command execution.

Monitor for suspicious activity and consider isolating or restricting network access to the vulnerable service until a patch is available.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows arbitrary OS command execution on the server hosting the affected software, which can lead to full host compromise including data exposure, integrity loss, and service disruption.

Such impacts can result in violations of data protection and security requirements mandated by common standards and regulations like GDPR and HIPAA, which require safeguarding confidentiality, integrity, and availability of sensitive data.

Therefore, exploitation of this vulnerability could lead to non-compliance with these regulations due to unauthorized data access or alteration and potential service outages.

Useful 0 Not Useful 0