Vulnerabilities ›

CVE-2026-5619

Medium

CWE-77 — Weakness Type

                    Published: Apr 6, 2026                      ·  Modified: Apr 9, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipulation of the argument command can lead to os command injection. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-5619 is an OS command injection vulnerability in Braffolk mcp-summarization-functions up to version 0.1.5 affecting the summarize_command function. The flaw allows local attackers to execute arbitrary OS commands by manipulating the command argument.

📄 Description (Arabic)

يؤثر هذا الضعف على مكون summarize_command في ملف src/server/mcp-server.ts ويسمح بحقن أوامر نظام التشغيل من خلال معالجة غير آمنة لوسائط الأوامر. يتطلب الاستغلال وصولاً محلياً والاستغلال متاح بالفعل للجمهور.

🤖 ملخص تنفيذي (AI)

This vulnerability in Braffolk mcp-summarization-functions versions up to 0.1.5 permits OS command injection through the summarize_command function. Local attackers can exploit this by manipulating command arguments to execute arbitrary operating system commands.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 02:39

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government telecom banking

🎯 MITRE ATT&CK Techniques

T1059.004 T1548.004 T1190

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Update Braffolk mcp-summarization-functions to version 0.1.6 or later immediately. Implement strict input validation and sanitization for all command arguments. Apply principle of least privilege to limit local access. Monitor and restrict execution of the summarize_command function.

🔧 خطوات المعالجة (العربية)

قم بتحديث Braffolk mcp-summarization-functions إلى الإصدار 0.1.6 أو أحدث فوراً. طبق التحقق الصارم من صحة المدخلات وتنظيفها لجميع وسائط الأوامر. طبق مبدأ أقل صلاحية لتقييد الوصول المحلي. راقب وقيد تنفيذ وظيفة summarize_command.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.12.2.1 A.12.6.1

🔵 SAMA CSF

ID.BE-1 PR.AC-1 PR.AC-3

🟡 ISO 27001:2022

A.5.1.1 A.6.1.1 A.12.2.1

🔗 References & Sources 4

🔗

https://github.com/wing3e/public_exp/issues/26

cna@vuldb.com

🔗

https://vuldb.com/submit/785574

cna@vuldb.com

🔗

https://vuldb.com/vuln/355409

cna@vuldb.com

🔗

https://vuldb.com/vuln/355409/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-77

EPSS0.50%

Exploit No

Patch ✗ No

Published 2026-04-06

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-77

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-5619

Introduce Yourself

Sign In Required