PT-2026-30564 · Chrischinchilla · Vale-Mcp

Brucejin

Published

2026-04-06

Updated

2026-04-06

CVE-2026-5621

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions ChrisChinchilla Vale-MCP versions up to 0.1.0

Description A vulnerability exists in ChrisChinchilla Vale-MCP up to version 0.1.0, specifically within the file src/index.ts of the HTTP Interface component. The manipulation of the config path argument results in OS command injection. Local access is required for exploitation. The exploit has been publicly disclosed.

Recommendations Update ChrisChinchilla Vale-MCP to a version beyond 0.1.0.

Exploit

Fix

Command Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77CWE-78

Related Identifiers

CVE-2026-5621

Affected Products

Vale-Mcp

PT-2026-30564 · Chrischinchilla · Vale-Mcp

CVE-2026-5621

Weakness Enumeration

Related Identifiers

Affected Products

References · 7