top of page
perceptive_background_267k.jpg

A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argu…

Published:

7 April 2026 at 22:00:00

Alert date:

8 April 2026 at 21:02:10

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

A remote OS command injection vulnerability was identified in idachev mcp-javadc up to version 1.2.4. The vulnerability affects an unknown function in the HTTP Interface component, where manipulation of the jarFilePath argument leads to OS command injection. The attack can be launched remotely and a public exploit is available. The project maintainer has been notified through an issue report but has not yet responded to the disclosure.

Technical details

Mitigation steps:

Affected products:

idachev mcp-javadc

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-5802
https://github.com/BruceJqs/public_exp/issues/2
https://github.com/idachev/mcp-javadc/
https://github.com/idachev/mcp-javadc/issues/7
https://vuldb.com/submit/786974
https://vuldb.com/vuln/356241
https://vuldb.com/vuln/356241/cti

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page