OS Command Injection Vulnerability in Braffolk MCP-Summarization-Functions
CVE-2026-5619
Key Information:
- Vendor
Braffolk
- Vendor
- CVE Published:
- 6 April 2026
Badges
What is CVE-2026-5619?
A security flaw exists in the Braffolk MCP-Summarization-Functions library, specifically within the summarize_command functionality of the server component (src/server/mcp-server.ts). This vulnerability allows for OS command injection, which could be exploited by an individual with local access to manipulate the command argument, potentially leading to unauthorized command execution on the host system. No response was received from the vendor following the initial disclosure of this issue, and the exploit has already been published, indicating an imminent threat to users of affected versions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
mcp-summarization-functions 0.1.0
mcp-summarization-functions 0.1.1
mcp-summarization-functions 0.1.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved