CVE-2026-5602
Severity CVSS v4.0:
MEDIUM
Type:
CWE-77
Command Injection
Publication date:
05/04/2026
Last modified:
05/04/2026
Description
A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud. This manipulation causes os command injection. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: c321d8af25f77668781e6ccb43a1336f9185df37. It is suggested to install a patch to address this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Impact
Base Score 4.0
4.80
Severity 4.0
MEDIUM
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
References to Advisories, Solutions, and Tools
- https://github.com/Nor2-io/heim-mcp/
- https://github.com/Nor2-io/heim-mcp/commit/c321d8af25f77668781e6ccb43a1336f9185df37
- https://github.com/Nor2-io/heim-mcp/issues/1
- https://github.com/Nor2-io/heim-mcp/pull/2
- https://github.com/user-attachments/files/25889482/heim-mcp_bug.pdf
- https://vuldb.com/submit/784862
- https://vuldb.com/vuln/355394
- https://vuldb.com/vuln/355394/cti