Detections
Analytics

CVE-2026-5802

medium

Description

A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

References

https://vuldb.com/vuln/356241/cti

https://vuldb.com/vuln/356241

https://vuldb.com/submit/786974

https://github.com/idachev/mcp-javadc/issues/7

https://github.com/idachev/mcp-javadc/

https://github.com/BruceJqs/public_exp/issues/2

Details

Source: Mitre, NVD

Published: 2026-04-08

Updated: 2026-04-08

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium