CVE-2026-26015
10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| arc53 | DocsGPT | >= 0.15.0, < 0.16.0 | affected |
Weaknesses
- CWE-77: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
Additional References
CVE Program Container
Additional References
- https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/
- https://www.ox.security/blog/the-mother-of-all-ai-supply-chains-critical-systemic-vulnerability-at-the-core-of-the-mcp/
References
- https://github.com/arc53/DocsGPT/security/advisories/GHSA-gcrq-f296-2j74
- https://github.com/arc53/DocsGPT/releases/tag/0.16.0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.