CVE-2026-5741
Received Received - Intake
OS Command Injection in suvarchal docker-mcp-server HTTP Interface

Publication date: 2026-04-07

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2026-04-08
EPSS Evaluated
2026-05-05
NVD
CVE-2026-5741
EUVD
EUVD-2026-19933
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
suvarchal docker-mcp-server to 0.1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

The vulnerability allows remote attackers to execute arbitrary OS commands on the affected system, potentially leading to full host compromise including unauthorized data access, modification, and service disruption.

Such unauthorized access and potential data breaches could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining system integrity and availability.

However, the provided information does not explicitly discuss compliance impacts or specific regulatory considerations.


Can you explain this vulnerability to me?

CVE-2026-5741 is a command injection vulnerability found in the docker-mcp-server project up to version 0.1.0. It affects functions like stop_container, remove_container, and pull_image in the src/index.ts file of the HTTP Interface component. The vulnerability arises because user inputs (such as container names or image tags) are directly concatenated into shell command strings without proper sanitization or escaping.

This improper handling allows an attacker to inject arbitrary operating system commands by including shell metacharacters in the input. For example, an attacker can send malicious input containing semicolons to execute unintended commands on the server.

The attack can be carried out remotely via the exposed MCP/HTTP interface, and the exploit has been publicly disclosed. The root cause is the direct interpolation of attacker-controlled data into shell commands executed asynchronously, leading to potential full host compromise.


How can this vulnerability impact me? :

This vulnerability can have severe impacts including unauthorized execution of arbitrary commands on the affected server with the privileges of the server process.

  • Full host compromise allowing attackers to access, modify, or delete sensitive data.
  • Disruption of services running on the affected system.
  • Potential unauthorized control over container lifecycle operations such as stopping, removing, or pulling container images.

Because the attack can be performed remotely without authentication, it poses a high risk to confidentiality, integrity, and availability of the system.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to exploit the command injection flaw in the affected docker-mcp-server's MCP/HTTP interface handlers such as stop_container, remove_container, or pull_image.

A practical detection method involves sending crafted JSON-RPC requests that include shell metacharacters in parameters to see if arbitrary commands are executed.

For example, sending a JSON-RPC request like the following can test for the vulnerability:

  • curl -X POST http://<target>:<port>/ -H 'Content-Type: application/json' -d '{"jsonrpc": "2.0", "id": 1, "method": "tools/call", "params": { "name": "stop_container", "arguments": { "container": "demo; id 2>/dev/null;" } } }'

If the server executes the injected 'id' command, it indicates the presence of the command injection vulnerability.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting network access to the vulnerable MCP/HTTP interface to trusted users only.

Implement authentication, authorization, and rate limiting on the MCP/HTTP handlers to reduce exposure.

Avoid using the vulnerable versions of docker-mcp-server (up to 0.1.0) and monitor for any official patches or fixed versions from the project.

If possible, replace or patch the code to remove free-form shell command execution and use safer APIs such as spawn or execFile with argument arrays that do not invoke a shell.

Add input validation and schema validation at the MCP/HTTP boundary to prevent attacker-controlled input from reaching shell execution.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart