CVE-2026-5602

MEDIUM

Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection

Title source: cna
STIX 2.1

Description

A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud. This manipulation causes os command injection. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: c321d8af25f77668781e6ccb43a1336f9185df37. It is suggested to install a patch to address this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

References (8)

Core 8
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-355394 | Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection
https://vuldb.com/vuln/355394
Signature, Permissions Required signature permissions-required
VDB-355394 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/355394/cti
Third Party Advisory third-party-advisory
Submit #784862 | Nor2-io heim-mcp <=0.1.3 Command Injection
https://vuldb.com/submit/784862
Issue Tracking issue-tracking
https://github.com/Nor2-io/heim-mcp/issues/1
Patch issue-tracking patch
https://github.com/Nor2-io/heim-mcp/pull/2

Scores

CVSS v3 5.3
EPSS 0.0081
EPSS Percentile 52.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-77 CWE-78
Status published
Products (5)
nor2/heim-mcp 0npm
Nor2-io/heim-mcp 0.1.0
Nor2-io/heim-mcp 0.1.1
Nor2-io/heim-mcp 0.1.2
Nor2-io/heim-mcp 0.1.3
Published Apr 05, 2026
Tracked Since Apr 06, 2026