
modelcontextprotocol — Vulnerabilities & Security Advisories (25)

Browse all 25 CVE security advisories affecting modelcontextprotocol. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Modelcontextprotocol serves as an interface for AI model interactions, enabling secure data exchange between applications and language models. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure API endpoints. The protocol's security posture has been challenged by multiple critical flaws, including several that allowed unauthorized access to sensitive data or system compromise. With 19 CVEs documented, the implementation has faced recurring issues around authentication and authorization, highlighting challenges in securing complex AI integrations. While no major public incidents have been widely reported, the volume of reported vulnerabilities indicates ongoing security concerns that require rigorous patch management and secure coding practices.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-44428 | MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience | registry | CWE-918 | - | - | 2026-05-14 |
| CVE-2026-44427 | MCP Registry: Open Redirect | registry | CWE-601 | - | - | 2026-05-14 |
| CVE-2026-44429 | MCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl` | registry | CWE-79 | - | - | 2026-05-14 |
| CVE-2026-44430 | MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist | registry | CWE-918 | - | - | 2026-05-14 |
| CVE-2026-45781 | MCP Registry: OCI ownership validation fails open on upstream rate limits, allowing attacker-controlled package claims | registry | CWE-636 | 3.5 | Low | 2026-05-14 |
| CVE-2026-42559 | RMCP: DNS rebinding vulnerability in rmcp Streamable HTTP server transport | rust-sdk | CWE-346 | 8.8 | High | 2026-05-14 |
| CVE-2026-35568 | MCP Java-SDK has a DNS Rebinding Vulnerability | java-sdk | CWE-346 | 6.3 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-34742 | Model Context Protocol Go SDK: DNS Rebinding Protection Disabled by Default for Servers Running on Localhost | go-sdk | CWE-1188 | 7.1 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-34237 | MCP Java SDK has a Hardcoded Wildcard CORS (Access-Control-Allow-Origin: *) | java-sdk | CWE-942 | 6.1 | Medium | 2026-03-31 |
| CVE-2026-33946 | MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay | ruby-sdk | CWE-384 | 8.2 | - | 2026-03-27 |
| CVE-2026-33252 | MCP Go SDK Allows Cross-Site Tool Execution for HTTP Servers without Authorization | go-sdk | CWE-352 | 7.1 | High | 2026-03-23 |
| CVE-2026-27896 | MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity | go-sdk | CWE-178 | 9.1 (AI) | Critical (AI) | 2026-02-26 |
| CVE-2026-27735 | mcp-server-git: Path traversal in git_add allows staging files outside repository boundaries | servers | CWE-22 | 8.6 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-25536 | @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse | typescript-sdk | CWE-362 | 7.1 | High | 2026-02-04 |
| CVE-2025-68145 | mcp-server-git has missing path validation when using --repository flag | servers | CWE-22 | 9.8 (AI) | Critical (AI) | 2025-12-17 |
| CVE-2025-68144 | mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files | servers | CWE-88 | 9.1 (AI) | Critical (AI) | 2025-12-17 |
| CVE-2025-68143 | mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations | servers | CWE-22 | 9.1 (AI) | Critical (AI) | 2025-12-17 |
| CVE-2025-66416 | DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK for Servers Running on Localhost | python-sdk | CWE-1188 | 7.1 | - | 2025-12-02 |
| CVE-2025-66414 | DNS Rebinding Protection Disabled by Default in Model Context Protocol TypeScript SDK for Servers Running on Localhost | typescript-sdk | CWE-1188 | 7.5 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-58444 | MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server | inspector | CWE-84 | 6.1 (AI) | Medium (AI) | 2025-09-08 |
| CVE-2025-53366 | MCP SDK Vulnerable to FastMCP Server Validation Error, Leading to Denial of Service | python-sdk | CWE-248 | 7.5 | - | 2025-07-04 |
| CVE-2025-53365 | MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service | python-sdk | CWE-248 | 7.5 | - | 2025-07-04 |
| CVE-2025-53109 | Model Context Protocol Servers Vulnerable to Path Validation Bypass via Prefix Matching and Symlink Handling | servers | CWE-59 | 4.3 (AI) | Medium (AI) | 2025-07-02 |
| CVE-2025-53110 | Model Context Protocol Servers Vulnerable to Path Validation Bypass via Colliding Path Prefix | servers | CWE-22 | 7.5 (AI) | High (AI) | 2025-07-02 |
| CVE-2025-49596 | MCP Inspector proxy server lacks authentication between the Inspector client and proxy | inspector | CWE-306 | 9.8 (AI) | Critical (AI) | 2025-06-13 |

This page lists every published CVE security advisory associated with modelcontextprotocol. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.