Technical description
A critical vulnerability (CVSS 10.0) in DocsGPT versions 0.15.0 through 0.15.x allows an attacker accessing the official DocsGPT website or any local/public deployment to craft a malicious payload that bypasses the 'MCP test' behavior and achieves arbitrary remote code execution. DocsGPT is a GPT-powered chat application for documentation that integrates with the Model Context Protocol (MCP) to extend capabilities.
Attack vector
An attacker crafts a malicious MCP-related payload that circumvents the application's MCP test validation logic. The bypass allows execution of arbitrary code in the context of the DocsGPT server. The vulnerability is exploitable remotely without authentication, and affects both the official hosted instance and self-hosted deployments.
Affected systems
DocsGPT versions 0.15.0 to before 0.16.0. Organizations using DocsGPT for internal documentation search, customer-facing documentation portals, or integrating DocsGPT into larger AI agent workflows are affected. The MCP integration makes this relevant to agentic AI deployments where DocsGPT acts as a knowledge retrieval tool for autonomous agents.
Mitigation
Upgrade DocsGPT to version 0.16.0 or later immediately. The patch was released on April 29, 2026, per the GitHub release notes. Review DocsGPT access logs for suspicious MCP-related requests prior to patch deployment. If immediate upgrade is not feasible, restrict network access to DocsGPT instances to trusted IP ranges and disable MCP integrations until patching is complete.