Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2026/01/07 9:10 a.m.2 views

CVE-2026-0621

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

8.7CVSS6.5AI score0.00038EPSS
Exploits1References1
Github Security Blog
Github Security Blogadded 2026/01/05 9:30 p.m.12 views

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

Impact A ReDoS vulnerability in the UriTemplate class allows attackers to cause denial of service. The partToRegExp function generates a regex pattern with nested quantifiers ^/+?:,^/+ for exploded template variables e.g., /id, ?tags, causing catastrophic backtracking on malicious input. Who is...

8.7CVSS6.6AI score0.00038EPSS
Exploits1References7Affected Software1
OSV
OSVadded 2026/01/05 9:30 p.m.3 views

GHSA-8R9Q-7V3J-JR4G Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

Impact A ReDoS vulnerability in the UriTemplate class allows attackers to cause denial of service. The partToRegExp function generates a regex pattern with nested quantifiers ^/+?:,^/+ for exploded template variables e.g., /id, ?tags, causing catastrophic backtracking on malicious input. Who is...

8.7CVSS6.4AI score0.00038EPSS
Exploits1References7
NVD
NVDadded 2026/01/05 9:16 p.m.1 views

CVE-2026-0621

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

8.7CVSS0.00038EPSS
Exploits1References2
OSV
OSVadded 2026/01/05 9:16 p.m.1 views

CVE-2026-0621

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

7.5CVSS5.9AI score
Exploits0References2
CVE
CVEadded 2026/01/05 8:57 p.m.14 views

CVE-2026-0621

CVE-2026-0621 affects Anthropic’s MCP TypeScript SDK up to v1.25.1. The vulnerability is a ReDoS in the UriTemplate class when processing RFC 6570 exploded array patterns, where the generated regex uses nested quantifiers that can backtrack catastrophically. Exploitation requires sending a crafte...

8.7CVSS6.3AI score0.00038EPSS
Exploits1References2Affected Software1
CNNVD
CNNVDadded 2026/01/05 12:0 a.m.2 views

MCP TypeScript SDK 安全漏洞

MCP TypeScript SDK is a Model Context Protocol open source developer toolkit for Model Context Protocol servers and clients. A security vulnerability exists in MCP TypeScript SDK 1.25.1 and earlier versions, which stems from a regular expression denial of service in the UriTemplate class when...

8.7CVSS6.2AI score0.00038EPSS
Exploits1References2
Rows per page
Query Builder