Vulnerability Information
Although we use advanced large-model technology, its output may still contain inaccurate or outdated information. Shenlong strives to ensure the accuracy of its data, but please verify and judge according to your actual situation.
Vulnerability Title
MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience
Vulnerability Description
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audience string, not to the specific registry instance being targeted. On the client side, the publisher always appends audience=mcp-registry when requesting the GitHub Actions ID token, regardless of the selected --registry URL. On the server side, the exchange endpoint validates only that same fixed audience and then derives publish permissions directly from repository_owner. As a result, a token legitimately obtained while interacting with one registry deployment remains acceptable to any other deployment that shares the same code and audience string. This vulnerability is fixed in 1.7.6.
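As an added illustration (not code from the MCP Registry project), the Go snippet below contrasts the pre-1.7.6 exchange logic described above, which checks only the shared audience "mcp-registry", with one assumed mitigation that binds the audience to the deployment's own registry URL. The claims struct, function names and registry URLs are assumptions, and JWT signature verification is treated as already done.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// IDTokenClaims is a hypothetical stand-in for the decoded, signature-verified
// GitHub Actions ID token. Only the two claims the advisory mentions are modelled.
type IDTokenClaims struct {
	Audience        string // the "aud" claim
	RepositoryOwner string // the "repository_owner" claim
}

// vulnerableExchange mirrors the pre-1.7.6 logic the advisory describes: the only
// audience check is against the global string "mcp-registry", so a token minted
// for any deployment is accepted by every deployment, and the publish identity
// is taken straight from repository_owner.
func vulnerableExchange(c IDTokenClaims) (string, error) {
	if c.Audience != "mcp-registry" {
		return "", errors.New("unexpected audience")
	}
	return c.RepositoryOwner, nil
}

// hardenedExchange is one assumed mitigation (not necessarily the project's actual
// fix): the audience must equal this deployment's own registry URL, so a token
// minted while talking to another deployment fails the check here.
func hardenedExchange(c IDTokenClaims, thisRegistryURL string) (string, error) {
	want := strings.TrimRight(thisRegistryURL, "/")
	got := strings.TrimRight(c.Audience, "/")
	if got != want {
		return "", fmt.Errorf("token audience %q is not bound to this registry %q", got, want)
	}
	return c.RepositoryOwner, nil
}

func main() {
	// Constructed token: minted while publishing to registry A with the shared audience.
	shared := IDTokenClaims{Audience: "mcp-registry", RepositoryOwner: "example-org"}
	owner, err := vulnerableExchange(shared) // registry B accepts it just the same
	fmt.Println("vulnerable check:", owner, err)

	// Constructed token whose audience names registry A explicitly.
	bound := IDTokenClaims{Audience: "https://registry-a.example", RepositoryOwner: "example-org"}
	_, err = hardenedExchange(bound, "https://registry-b.example") // replay at B is rejected
	fmt.Println("hardened check at registry B:", err)
}
```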
CVSS Information
N/A
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
MCP Registry code issue vulnerability
Vulnerability Description
MCP Registry is an open-source MCP server app store from Model Context Protocol. Versions of MCP Registry prior to 1.7.6 contain a code issue vulnerability: the client-side and server-side GitHub OIDC flow is bound only to a global audience string rather than to a specific registry instance, so a token legitimately obtained from one registry deployment can be accepted by other deployments that share the same code and audience string.
CVSS Information
N/A
Vulnerability Type
N/A