{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5528", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-04T06:24:19.838Z", "datePublished": "2026-04-04T23:30:14.629Z", "dateUpdated": "2026-04-06T16:39:10.209Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-04T23:30:14.629Z"}, "title": "MoussaabBadla code-screenshot-mcp HTTP os command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "OS Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}], "affected": [{"vendor": "MoussaabBadla", "product": "code-screenshot-mcp", "versions": [{"version": "0.1.0", "status": "affected"}], "modules": ["HTTP Interface"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-04T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-04T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-04T08:29:24.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "BruceJin (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/355281", "name": "VDB-355281 | MoussaabBadla code-screenshot-mcp HTTP os command injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/355281/cti", "name": "VDB-355281 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/782064", "name": "Submit #782064 | MoussaabBadla code-screenshot-mcp 0.1.0 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/wing3e/public_exp/issues/23", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T16:38:55.580133Z", "id": "CVE-2026-5528", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T16:39:10.209Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5528", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T16:38:55.580133Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T16:39:06.807Z"}}], "cna": {"title": "MoussaabBadla code-screenshot-mcp HTTP os command injection", "credits": [{"lang": "en", "type": "reporter", "value": "BruceJin (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "MoussaabBadla", "modules": ["HTTP Interface"], "product": "code-screenshot-mcp", "versions": [{"status": "affected", "version": "0.1.0"}]}], "timeline": [{"lang": "en", "time": "2026-04-04T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-04T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-04T08:29:24.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/355281", "name": "VDB-355281 | MoussaabBadla code-screenshot-mcp HTTP os command injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/355281/cti", "name": "VDB-355281 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/782064", "name": "Submit #782064 | MoussaabBadla code-screenshot-mcp 0.1.0 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/wing3e/public_exp/issues/23", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "OS Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-04T23:30:14.629Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5528", "state": "PUBLISHED", "dateUpdated": "2026-04-06T16:39:10.209Z", "dateReserved": "2026-04-04T06:24:19.838Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-04T23:30:14.629Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-5528", "lastModified": "2026-04-07T13:20:55.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-05T00:16:04.157", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/wing3e/public_exp/issues/23"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/782064"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355281"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355281/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "code-screenshot-mcp", "source": "cna", "vendor": "MoussaabBadla"}, "product": "code-screenshot-mcp", "vendor": "moussaabbadla"}], "analysis": {"en": {"generated_at": "2026-04-05T02:20:42.880726+00:00", "value": {"mitigation_remediation": ["Check for an updated release of code-screenshot-mcp that contains a fix and upgrade if available. ", "If no fix exists, block access to the vulnerable HTTP endpoint from all but trusted networks using firewall or routing rules. ", "Deploy a web application firewall or input validation layer to detect and block malformed command injection payloads. ", "Enable detailed logs on the HTTP interface and monitor for suspicious or unexpected command execution activity."], "summary": {"action": "Immediate Patch", "impact": "Remote OS command execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all releases of MoussaabBadla\u00a0code-screenshot-mcp up to and including version\u00a00.1.0. The precise component within the HTTP interface that is impacted is not specified, but any instance of the application exposed to untrusted traffic is potentially vulnerable.", "description_and_impact": "A flaw in MoussaabBadla\u2019s code-screenshot-mcp HTTP interface allows an attacker to inject operating\u2011system commands via crafted requests, giving the attacker the ability to run arbitrary commands on the host. This results in a compromise of confidentiality, integrity, and availability, as the attacker can execute any shell command with the privileges of the running service.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a medium severity, but the public disclosure of an exploit and the lack of a vendor response increase the risk. The EPSS score is unavailable, and the vulnerability is not listed in the CISA KEV catalog. Attackers can reach the vulnerable interface remotely via HTTP, making the vector network\u2011based. Without a patch, the risk remains high, and the attack remains feasible as demonstrated by publicly available proof\u2011of\u2011concept code."}}}}, "created": "2026-04-06T20:26:51.986119+00:00", "updated": "2026-04-06T21:57:27.071260+00:00", "vendors": ["moussaabbadla", "moussaabbadla$PRODUCT$code-screenshot-mcp"]}