CVE-2026-5602: Heim-mcp Command Injection - v0.1.0-0.1.3
Platform: nodejs
Component: heim-mcp
Fixed in: 0.1.4
CVE-2026-5602 is a Command Injection vulnerability discovered in the heim-mcp component of Nor2-io's new_heim_application. Successful exploitation allows an attacker with local access to execute arbitrary operating system commands, potentially leading to system compromise. This vulnerability affects versions 0.1.0 through 0.1.3 of heim-mcp. A patch (0.1.4) is available to resolve this issue.
How to fix
Upgrade to version 0.1.4 or later to mitigate the operating system command injection vulnerability. The update fixes the registerTools function in the file src/tools.ts, eliminating the possibility of arbitrary command execution.
Frequently asked questions
What is CVE-2026-5602?
CVE-2026-5602 is a Command Injection vulnerability in Heim-mcp versions 0.1.0 to 0.1.3. It allows an attacker with local access to execute arbitrary OS commands.
Am I affected by CVE-2026-5602?
You are affected if you are using Heim-mcp version 0.1.0, 0.1.1, 0.1.2, or 0.1.3. Versions prior to 0.1.4 are vulnerable.
How do I fix CVE-2026-5602?
Upgrade Heim-mcp to version 0.1.4 or later to address this vulnerability. The patch name is c321d8af25f77668781e6ccb43a1336f9185df37.
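To apply the affected range above (0.1.0 through 0.1.3) to a project, the following added example, which is not code from heim-mcp or from this advisory, scans a parsed package-lock.json for heim-mcp installs, including nested copies. It assumes the package's final name segment in the lockfile is "heim-mcp" (the page gives only the component name); the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example, not project code: flag heim-mcp installs in 0.1.0 through 0.1.3.
const AFFECTED_MIN = [0, 1, 0];
const AFFECTED_MAX = [0, 1, 3];

// Parse the leading "x.y.z"; a -prerelease/+build suffix is ignored. null if unparseable.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v ?? ""));
  return m ? m.slice(1, 4).map(Number) : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function status(version) {
  const v = parseVersion(version);
  if (!v) return "unknown"; // e.g. a link entry with no version: check by hand
  return cmp(v, AFFECTED_MIN) >= 0 && cmp(v, AFFECTED_MAX) <= 0 ? "affected" : "not-affected";
}

// Assumption: the package's last name segment is "heim-mcp" (scoped or unscoped).
const isHeim = (name) => name.split("/").pop() === "heim-mcp";

function scanLockfile(lock) {
  const hits = [];
  const add = (path, meta) => hits.push({ path, version: meta.version, status: status(meta.version) });
  // lockfileVersion 2/3: flat "packages" map keyed by install path ("" is the root project).
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path && isHeim(path)) add(path, meta);
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (isHeim(name)) add(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not from a real project); "example-host" is hypothetical.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo", version: "1.0.0" },
  "node_modules/heim-mcp": { version: "0.1.4" },
  "node_modules/example-host/node_modules/heim-mcp": { version: "0.1.2" },
} };
console.log(scanLockfile(SAMPLE_LOCK));
```

For a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `scanLockfile`; any entry reported as "affected" or "unknown" needs the upgrade to 0.1.4 or a manual check.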