CVE-2026-5602: Heim-mcp Command Injection - 0.1.0-0.1.3
Platform
nodejs
Component
heim-mcp
Fixed in
0.1.4
CVE-2026-5602 is a Command Injection vulnerability discovered in the heim-mcp component, specifically within the registerTools function of the src/tools.ts file. Successful exploitation allows an attacker with local access to execute arbitrary operating system commands, potentially leading to system compromise. This vulnerability affects versions 0.1.0 through 0.1.3 of heim-mcp. A patch addressing this issue has been released in version 0.1.4.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently Asked Questions
What is CVE-2026-5602?
CVE-2026-5602 is a Command Injection vulnerability in the heim-mcp component (versions 0.1.0 - 0.1.3). It allows an attacker with local access to execute arbitrary OS commands.
Am I affected by CVE-2026-5602?
You are affected if you are using heim-mcp versions 0.1.0, 0.1.1, 0.1.2, or 0.1.3. If you are using a later version, you are not vulnerable.
How do I fix CVE-2026-5602?
Upgrade to version 0.1.4 or later to address this vulnerability. The patch identifier is c321d8af25f77668781e6ccb43a1336f9185df37.