Security Bulletin: IBM Rhapsody Systems Engineering is using @modelcontextprotocol/sdk-1.15.0 which is vulnerable to CVE-2026-0621

Summary A security vulnerability was identified in the @modelcontextprotocol/sdk package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details CVEID:CVE-2026-0621...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service (CVE-2026-0621)

Summary Node.js module @modelcontextprotocol/sdk is found in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service. This bulletin provides patch information to address th...

CVE-2026-0621 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards...

CVE-2026-0621

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

CVE-2026-0621

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

CVE-2026-0621

CVE-2026-0621 affects Anthropic’s MCP TypeScript SDK up to v1.25.1. The vulnerability is a ReDoS in the UriTemplate class when processing RFC 6570 exploded array patterns, where the generated regex uses nested quantifiers that can backtrack catastrophically. Exploitation requires sending a crafte...