Compliance Impact

The vulnerability allows remote attackers to execute arbitrary OS commands on the affected system, potentially leading to full host compromise including unauthorized data access, modification, and service disruption.

Such unauthorized access and potential data breaches could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining system integrity and availability.

However, the provided information does not explicitly discuss compliance impacts or specific regulatory considerations.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-5741 is a command injection vulnerability found in the docker-mcp-server project up to version 0.1.0. It affects functions like stop_container, remove_container, and pull_image in the src/index.ts file of the HTTP Interface component. The vulnerability arises because user inputs (such as container names or image tags) are directly concatenated into shell command strings without proper sanitization or escaping.

This improper handling allows an attacker to inject arbitrary operating system commands by including shell metacharacters in the input. For example, an attacker can send malicious input containing semicolons to execute unintended commands on the server.

The attack can be carried out remotely via the exposed MCP/HTTP interface, and the exploit has been publicly disclosed. The root cause is the direct interpolation of attacker-controlled data into shell commands executed asynchronously, leading to potential full host compromise.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including unauthorized execution of arbitrary commands on the affected server with the privileges of the server process.

• Full host compromise allowing attackers to access, modify, or delete sensitive data.
• Disruption of services running on the affected system.
• Potential unauthorized control over container lifecycle operations such as stopping, removing, or pulling container images.

Because the attack can be performed remotely without authentication, it poses a high risk to confidentiality, integrity, and availability of the system.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to exploit the command injection flaw in the affected docker-mcp-server's MCP/HTTP interface handlers such as stop_container, remove_container, or pull_image.

A practical detection method involves sending crafted JSON-RPC requests that include shell metacharacters in parameters to see if arbitrary commands are executed.

For example, sending a JSON-RPC request like the following can test for the vulnerability:

• curl -X POST http://<target>:<port>/ -H 'Content-Type: application/json' -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "stop_container", "arguments": { "container": "demo; id 2>/dev/null;" } } }'

If the server executes the injected 'id' command, it indicates the presence of the command injection vulnerability.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting network access to the vulnerable MCP/HTTP interface to trusted users only.

Implement authentication, authorization, and rate limiting on the MCP/HTTP handlers to reduce exposure.

Avoid using the vulnerable versions of docker-mcp-server (up to 0.1.0) and monitor for any official patches or fixed versions from the project.

If possible, replace or patch the code to remove free-form shell command execution and use safer APIs such as spawn or execFile with argument arrays that do not invoke a shell.

Add input validation and schema validation at the MCP/HTTP boundary to prevent attacker-controlled input from reaching shell execution.

Useful 0 Not Useful 0