CVE-2026-5023

Name of the Vulnerable Software and Affected Versions DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6

Description A flaw exists in the getCodebase/getRemoteCodebase/saveCodebase functions within the src/tools/codebase.ts file of the RepoMix Command Handler component. This issue allows for operating system command injection. The attack requires local access. The exploit is publicly available. The product utilizes a rolling release model, making specific version information for updates unavailable.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.