PT-2026-31446 · Idachev · Mcp-Javadc
Brucejin
·
Published
2026-04-08
·
Updated
2026-04-08
·
CVE-2026-5802
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
idachev mcp-javadc versions up to 1.2.4
Description
A flaw exists in the HTTP Interface component of idachev mcp-javadc, potentially allowing remote attackers to execute operating system commands. Manipulation of the
jarFilePath argument within an unknown function can lead to OS command injection. The exploit is publicly available.Recommendations
Update to a version beyond 1.2.4.
Exploit
Fix
Command Injection
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mcp-Javadc