Product
A remote command injection vulnerability (CVE-2026-5802) exists in idachev mcp-javadc up to version 1.2.4 via the HTTP Interface by manipulating the jarFilePath argument, allowing unauthenticated attackers to execute arbitrary OS commands.