PT-2026-30512 · Nor2 Io · Heim-Mcp

Yinci Chen · Published 2026-04-05 · Updated 2026-04-06 · CVE-2026-5602

CVSS v3.1: 5.3 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Nor2-io heim-mcp versions up to 0.1.3

Description

A flaw exists in the registerTools function within the src/tools.ts file of the new heim application/deploy heim application/deploy heim application to cloud component. This can lead to operating system command injection, requiring local access for exploitation. The issue has been publicly disclosed.

Recommendations

Install patch c321d8af25f77668781e6ccb43a1336f9185df37 to address this issue.

Exploit · Fix · Command Injection · OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-5602
GHSA-WX4P-JR66-JFP9

Affected Products

Heim-Mcp