CVE-2026-5327 is a medium-severity command injection vulnerability found in the efforthye fast-filesystem-mcp software up to version 3.5.1. The flaw resides in the handleGetDiskUsage function within the src/index.ts file, where insufficient input validation or sanitization allows an attacker to inject arbitrary commands. This vulnerability can be exploited remotely without requiring authentication or user interaction, increasing its risk profile. The attack vector is network-based (AV:N), with low attack complexity (AC:L), and no privileges required (PR:L). The vulnerability impacts confidentiality, integrity, and availability to a limited extent (VC:L, VI:L, VA:L). The vendor was informed early via an issue report but has not yet responded or released a patch. A public exploit has been released, increasing the likelihood of active exploitation. The vulnerability affects versions 3.5.0 and 3.5.1 of fast-filesystem-mcp, a filesystem management tool developed by efforthye. The lack of a patch and public exploit availability necessitate immediate attention from users of this software.

The command injection vulnerability allows remote attackers to execute arbitrary system commands on affected installations of fast-filesystem-mcp, potentially leading to unauthorized data access, modification, or deletion. This can compromise system confidentiality and integrity, and may disrupt availability if destructive commands are executed. Organizations relying on this software for filesystem management could experience operational disruptions, data breaches, or lateral movement by attackers within their networks. The presence of a public exploit increases the risk of widespread attacks, especially against unpatched systems. Since no authentication is required, any exposed instance of the vulnerable software is at risk. The impact is particularly critical for environments where fast-filesystem-mcp is deployed on sensitive or production systems.

Until an official patch is released, organizations should implement the following mitigations: 1) Restrict network access to the fast-filesystem-mcp service using firewalls or network segmentation to limit exposure to trusted hosts only. 2) Employ application-layer filtering or web application firewalls (WAFs) to detect and block suspicious command injection patterns targeting the handleGetDiskUsage function. 3) Monitor logs and network traffic for unusual command execution attempts or anomalies related to fast-filesystem-mcp. 4) If possible, disable or restrict the functionality invoking handleGetDiskUsage until a patch is available. 5) Engage with the vendor for updates and apply patches immediately upon release. 6) Consider deploying runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to detect exploitation attempts. 7) Conduct a thorough inventory of all fast-filesystem-mcp instances to ensure no vulnerable versions remain exposed.