{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5741/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5741"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["docker-mcp-server"],"_cs_severities":["high"],"_cs_tags":["command-injection","docker","CVE-2026-5741"],"_cs_type":"advisory","_cs_vendors":["suvarchal"],"content_html":"\u003cp\u003eA critical vulnerability, identified as CVE-2026-5741, affects suvarchal docker-mcp-server versions up to 0.1.0. The vulnerability resides within the \u003ccode\u003estop_container\u003c/code\u003e, \u003ccode\u003eremove_container\u003c/code\u003e, and \u003ccode\u003epull_image\u003c/code\u003e functions of the \u003ccode\u003esrc/index.ts\u003c/code\u003e file, which constitute the HTTP Interface. Successful exploitation allows for remote OS command injection, granting an attacker the ability to execute arbitrary commands on the host system. Public exploits are available, significantly increasing the risk of widespread exploitation. The project maintainers were notified but have not responded. This lack of response elevates the urgency for defenders to implement detection and mitigation measures to prevent potential breaches.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of suvarchal docker-mcp-server running version 0.1.0 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting one of the vulnerable functions: \u003ccode\u003estop_container\u003c/code\u003e, \u003ccode\u003eremove_container\u003c/code\u003e, or \u003ccode\u003epull_image\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes specially crafted input designed to inject OS commands. This input is embedded within the parameters expected by the vulnerable functions.\u003c/li\u003e\n\u003cli\u003eThe docker-mcp-server processes the request and passes the attacker-controlled input to the underlying operating system without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe operating system executes the injected commands, allowing the attacker to perform arbitrary actions on the host.\u003c/li\u003e\n\u003cli\u003eThe attacker gains initial access to the system and can then attempt to escalate privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker establishes persistence through methods like creating new user accounts or modifying system startup scripts.\u003c/li\u003e\n\u003cli\u003eThe attacker moves laterally within the network, compromising additional systems and exfiltrating sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to execute arbitrary commands on the host system where the docker-mcp-server is running. This can lead to complete system compromise, data theft, and denial of service. Given the nature of docker-mcp-server, compromised systems could provide access to containerized environments, potentially impacting multiple applications and services. The availability of public exploits makes this a high-risk vulnerability, potentially impacting any organization using the affected docker-mcp-server versions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious HTTP requests targeting the \u003ccode\u003estop_container\u003c/code\u003e, \u003ccode\u003eremove_container\u003c/code\u003e, and \u003ccode\u003epull_image\u003c/code\u003e functions (see example Sigma rule below).\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization on any applications or services using docker-mcp-server.\u003c/li\u003e\n\u003cli\u003eApply patches or updates to docker-mcp-server as soon as they become available to address CVE-2026-5741.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM and tune for your environment to detect exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-10T12:00:00Z","date_published":"2024-01-10T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-10-docker-mcp-server-command-injection/","summary":"A remote OS command injection vulnerability exists in suvarchal docker-mcp-server up to version 0.1.0 allowing for arbitrary command execution via the stop_container, remove_container, or pull_image functions within the src/index.ts file.","title":"suvarchal docker-mcp-server Remote OS Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-10-docker-mcp-server-command-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - CVE-2026-5741","version":"https://jsonfeed.org/version/1.1"}