3 matches found
CVE-2026-0621
Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...
GHSA-8R9Q-7V3J-JR4G Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
Impact A ReDoS vulnerability in the UriTemplate class allows attackers to cause denial of service. The partToRegExp function generates a regex pattern with nested quantifiers ^/+?:,^/+ for exploded template variables e.g., /id, ?tags, causing catastrophic backtracking on malicious input. Who is...
Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits
Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence AI company Anthropic's Model Context Protocol MCP Inspector project that could result in remote code execution RCE and allow an attacker to gain complete access to the hosts. The vulnerability,...