CVE-2026-5007 is a medium-severity OS command injection vulnerability found in the open-source project kazuph mcp-docs-rag, affecting all versions up to 0.5.0. The vulnerability resides in the cloneRepository function of the src/index.ts file, part of the add_git_repository/add_text_file component. This function improperly handles input that is used in OS command execution, allowing an attacker with local access and limited privileges to inject arbitrary commands into the operating system shell. The vulnerability does not require user interaction or elevated privileges beyond local access, making it exploitable by any local user or process with access to the affected function. The vulnerability was responsibly disclosed early to the project maintainers, but no patch or mitigation has been released as of the publication date. The availability of a public exploit increases the risk of exploitation, although no active exploitation has been reported. The CVSS 4.0 vector indicates low attack complexity, no user interaction, and limited impact on confidentiality, integrity, and availability, consistent with a medium severity rating. This vulnerability could be leveraged for privilege escalation, unauthorized command execution, or disruption of the affected system’s operation.

The primary impact of CVE-2026-5007 is the potential for local attackers to execute arbitrary OS commands on systems running vulnerable versions of kazuph mcp-docs-rag. This can lead to unauthorized access to sensitive data, modification or deletion of files, installation of malware, or disruption of service. Since the vulnerability requires local access, remote exploitation is not feasible unless combined with other vulnerabilities that provide initial access. However, in environments where multiple users share access or where local access controls are weak, this vulnerability could be exploited to escalate privileges or move laterally within a network. The lack of a vendor patch increases the window of exposure, and the availability of public exploits raises the likelihood of opportunistic attacks. Organizations relying on this software for documentation or repository management could face operational disruptions or data integrity issues if exploited.

Until an official patch is released, organizations should implement strict local access controls to limit who can execute or interact with the vulnerable software. Employing application whitelisting and monitoring for unusual command executions can help detect exploitation attempts. Running the software with the least privilege necessary and isolating it in sandboxed or containerized environments can reduce the impact of a successful attack. Reviewing and sanitizing any inputs to the cloneRepository function or replacing it with safer alternatives can mitigate risk if source code modification is feasible. Regularly monitoring vulnerability disclosures and applying patches promptly once available is critical. Additionally, auditing system logs for suspicious activity related to git repository cloning or command execution may provide early warning of exploitation attempts.