Platform: nodejs
Component: fast-filesystem-mcp
Fixed in: 3.5.1, 3.5.2
CVE-2026-5327 describes a Command Injection vulnerability in fast-filesystem-mcp, a Node.js library. The flaw allows a remote attacker to execute arbitrary commands on the host by supplying crafted input to the handleGetDiskUsage function in src/index.ts. It affects fast-filesystem-mcp versions up to 3.5.0, and a public exploit is already available, which makes the risk significant.
Successful exploitation of CVE-2026-5327 allows an attacker to gain complete control over the affected system. By injecting malicious commands through the handleGetDiskUsage function, an attacker can execute arbitrary code with the privileges of the process running fast-filesystem-mcp. This could lead to data theft, system compromise, and potential lateral movement within the network. The availability of a public exploit significantly increases the likelihood of exploitation, particularly in environments where the library is widely deployed and unpatched.
CVE-2026-5327 has a public exploit available, indicating a high probability of exploitation. The vulnerability was reported on 2026-04-02, and the project maintainers have not yet responded. This lack of response, combined with the public exploit, suggests a potentially urgent situation. The vulnerability's ease of exploitation and the lack of a patch make it a prime target for attackers.
Exploit Status: public exploit available
EPSS: 1.23% (79th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2026-5327 is to upgrade to a patched version of fast-filesystem-mcp. Currently, no patched version is available, so immediate action is required. As a temporary workaround, consider implementing input validation and sanitization on any data passed to the handleGetDiskUsage function to prevent command injection. Additionally, restrict network access to the service using fast-filesystem-mcp to only trusted sources. Monitor system logs for unusual command execution patterns. After upgrading (when a patch is released), confirm the vulnerability is resolved by attempting the exploit and verifying that it fails.
Update the fast-filesystem-mcp package to a version later than 3.5.1, if one exists, that fixes the command injection vulnerability. If no patched version is available, consider disabling or removing the package until an update is published.
CVE-2026-5327 is a Command Injection vulnerability in fast-filesystem-mcp versions up to 3.5.0, allowing remote command execution via the handleGetDiskUsage function.
You are affected if you are using fast-filesystem-mcp version 3.5.0 or earlier. Immediate action is required as a public exploit exists.
Upgrade to a patched version of fast-filesystem-mcp. As no patch is currently available, implement input validation and restrict network access as temporary workarounds.
Yes, a public exploit exists, indicating a high probability of active exploitation.
As of the current date, no official advisory has been released by the fast-filesystem-mcp project. Monitor the project's repository and website for updates.