{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7061", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-26T07:03:10.819Z", "datePublished": "2026-04-26T22:00:17.561Z", "dateUpdated": "2026-04-27T16:38:22.537Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-26T22:00:17.561Z"}, "title": "Toowiredd chatgpt-mcp-server MCP/HTTP docker.service.ts os command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "OS Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}], "affected": [{"vendor": "Toowiredd", "product": "chatgpt-mcp-server", "versions": [{"version": "0.1.0", "status": "affected"}], "modules": ["MCP/HTTP"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-26T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-26T09:08:16.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "MidA (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/359636", "name": "VDB-359636 | Toowiredd chatgpt-mcp-server MCP/HTTP docker.service.ts os command injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/359636/cti", "name": "VDB-359636 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/798613", "name": "Submit #798613 | Toowiredd chatgpt-mcp-server 0.1.0 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Toowiredd/chatgpt-mcp-server/issues/8", "tags": ["issue-tracking"]}, {"url": "https://github.com/wing3e/public_exp/issues/28", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/Toowiredd/chatgpt-mcp-server/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T16:37:40.578338Z", "id": "CVE-2026-7061", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T16:38:22.537Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7061", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T16:37:40.578338Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T16:38:03.413Z"}}], "cna": {"title": "Toowiredd chatgpt-mcp-server MCP/HTTP docker.service.ts os command injection", "credits": [{"lang": "en", "type": "reporter", "value": "MidA (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Toowiredd", "modules": ["MCP/HTTP"], "product": "chatgpt-mcp-server", "versions": [{"status": "affected", "version": "0.1.0"}]}], "timeline": [{"lang": "en", "time": "2026-04-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-26T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-26T09:08:16.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/359636", "name": "VDB-359636 | Toowiredd chatgpt-mcp-server MCP/HTTP docker.service.ts os command injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/359636/cti", "name": "VDB-359636 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/798613", "name": "Submit #798613 | Toowiredd chatgpt-mcp-server 0.1.0 OS Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Toowiredd/chatgpt-mcp-server/issues/8", "tags": ["issue-tracking"]}, {"url": "https://github.com/wing3e/public_exp/issues/28", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/Toowiredd/chatgpt-mcp-server/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "OS Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-26T22:00:17.561Z"}}}, "cveMetadata": {"cveId": "CVE-2026-7061", "state": "PUBLISHED", "dateUpdated": "2026-04-27T16:38:22.537Z", "dateReserved": "2026-04-26T07:03:10.819Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-26T22:00:17.561Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. This manipulation causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "id": "CVE-2026-7061", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-26T22:17:33.817", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Toowiredd/chatgpt-mcp-server/"}, {"source": "cna@vuldb.com", "url": "https://github.com/Toowiredd/chatgpt-mcp-server/issues/8"}, {"source": "cna@vuldb.com", "url": "https://github.com/wing3e/public_exp/issues/28"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/798613"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359636"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359636/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "chatgpt-mcp-server", "source": "cna", "vendor": "Toowiredd"}, "product": "chatgpt-mcp-server", "vendor": "toowiredd"}], "analysis": {"en": {"generated_at": "2026-04-28T05:03:38.968458+00:00", "value": {"mitigation_remediation": ["Update Toowiredd chatgpt-mcp-server to a fixed version as soon as it becomes available.", "Restrict access to the MCP/HTTP endpoint so that only trusted IP addresses can reach it, and apply firewall rules to block unauthenticated traffic.", "Limit the privileges of the Docker service or disable the endpoint path that processes user\u2011supplied commands to prevent arbitrary command execution."], "summary": {"action": "Apply Patch", "impact": "Remote Command Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Toowiredd chatgpt-mcp-server versions up to and including 0.1.0. No other vendors or product versions are reported as impacted.", "description_and_impact": "A weakness in the Toowiredd chatgpt-mcp-server allows remote attackers to inject arbitrary operating\u2011system commands through an unvalidated input in the docker.service.ts component of the MCP/HTTP interface. The injection can be triggered by carefully crafted requests, enabling the attacker to execute any system command with the privileges of the running service. This results in remote code execution and compromises the confidentiality, integrity, and availability of the host system.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. Nevertheless, a publicly available proof\u2011of\u2011concept exploit exists on GitHub, and the project has been notified but not yet responded, so the risk remains unmitigated. The exploit can be carried out over the network via the exposed HTTP API, making remote attackers able to achieve arbitrary command execution. The vulnerability is not listed in CISA KEV, but its public exposure calls for immediate attention."}}}}, "created": "2026-04-27T19:51:54.055739+00:00", "updated": "2026-04-28T05:15:22.935894+00:00", "vendors": ["toowiredd", "toowiredd$PRODUCT$chatgpt-mcp-server"]}