Medium severity 5.3 · NVD Advisory · Published Apr 5, 2026 · Updated Apr 29, 2026
CVE-2026-5603
Description
A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command in the file src/index.ts. Manipulation of this function leads to OS command injection. The attack requires local access. The exploit is publicly available and might be used. The name of the patch is aa1ffcc0aea1b212c69787391783af27df15ae9d. A patch should be applied to remediate this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| @elgentos/magento2-dev-mcp (npm) | <= 1.0.2 | — |
References
- github.com/advisories/GHSA-xqv9-qr76-hfq2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-5603 (ghsa, ADVISORY)
- github.com/elgentos/magento2-dev-mcp/commit/aa1ffcc0aea1b212c69787391783af27df15ae9d (nvd, WEB)
- github.com/elgentos/magento2-dev-mcp/issues/4 (nvd, WEB)
- github.com/elgentos/magento2-dev-mcp/pull/5 (nvd, WEB)
- vuldb.com/submit/784864 (nvd, WEB)
- vuldb.com/vuln/355395 (nvd, WEB)
- vuldb.com/vuln/355395/cti (nvd, WEB)