{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5802/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5802"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["mcp-javadc"],"_cs_severities":["critical"],"_cs_tags":["command-injection","web-application","cve-2026-5802"],"_cs_type":"advisory","_cs_vendors":["idachev"],"content_html":"\u003cp\u003eA critical OS command injection vulnerability, CVE-2026-5802, has been identified in idachev mcp-javadc, a Java decompiler, up to version 1.2.4. The vulnerability resides within the HTTP Interface component. By manipulating the \u003ccode\u003ejarFilePath\u003c/code\u003e argument, a remote attacker can inject and execute arbitrary operating system commands on the server. This vulnerability is remotely exploitable without authentication, increasing the severity. Publicly available exploits exist, potentially leading to widespread exploitation. The vendor has been notified through an issue report but has not yet responded.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker sends a malicious HTTP request to the vulnerable \u003ccode\u003emcp-javadc\u003c/code\u003e server.\u003c/li\u003e\n\u003cli\u003eThe HTTP request targets the HTTP Interface component.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts the request to manipulate the \u003ccode\u003ejarFilePath\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe server-side code fails to properly sanitize the \u003ccode\u003ejarFilePath\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe unsanitized \u003ccode\u003ejarFilePath\u003c/code\u003e argument is passed to an operating system command.\u003c/li\u003e\n\u003cli\u003eThe injected OS command is executed by the server with the privileges of the \u003ccode\u003emcp-javadc\u003c/code\u003e process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform further actions, such as data exfiltration, lateral movement, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5802 allows unauthenticated remote attackers to execute arbitrary operating system commands on the affected system. This can lead to complete system compromise, including data theft, malware installation, and denial of service. As this vulnerability affects a software development tool, successful attacks could compromise software build pipelines, leading to supply chain attacks. The number of potential victims is currently unknown, but given the publicly available exploit, the risk of widespread exploitation is high.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches for \u003ccode\u003emcp-javadc\u003c/code\u003e if they become available.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious JarFilePath Parameter in HTTP Request\u003c/code\u003e to identify exploitation attempts targeting the \u003ccode\u003ejarFilePath\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual HTTP requests containing suspicious characters or command sequences within the \u003ccode\u003ejarFilePath\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures on the server-side to prevent command injection.\u003c/li\u003e\n\u003cli\u003ePlace the affected server in an isolated network segment to limit the impact of potential compromise.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2026-04-mcp-javadc-command-injection/","summary":"A remote command injection vulnerability (CVE-2026-5802) exists in idachev mcp-javadc up to version 1.2.4 via the HTTP Interface by manipulating the jarFilePath argument, allowing unauthenticated attackers to execute arbitrary OS commands.","title":"idachev mcp-javadc OS Command Injection via HTTP Interface (CVE-2026-5802)","url":"https://feed.craftedsignal.io/briefs/2026-04-mcp-javadc-command-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - Cve-2026-5802","version":"https://jsonfeed.org/version/1.1"}