23 matches found
MCP Inspector < 0.14.0 Unauthenticated Remote Code Execution
The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. id...
VulnCheck KEV: CVE-2025-49596
The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio...
EUVD-2025-27271
Malicious code in bioql PyPI...
EUVD-2025-20870
Malicious code in bioql PyPI...
CVE-2025-58444
The MCP inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a malicious redirect URI. This could be leveraged to...
CVE-2025-58444
The MCP inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a malicious redirect URI. This could be leveraged to...
CVE-2025-58444 MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server
The MCP inspector is a developer tool for testing and debugging MCP servers. A cross-site scripting issue was reported in versions of the MCP Inspector local development tool prior to 0.16.6 when connecting to untrusted remote MCP servers with a malicious redirect URI. This could be leveraged to...
CVE-2025-58444
The MCP Inspector (local development tool) is affected by an XSS flaw in versions prior to 0.16.6 when connecting to untrusted MCP servers with a malicious redirect URI. The flaw can be leveraged to interact with the inspector proxy and trigger arbitrary command execution on the developer machine...
GHSA-G9HG-QHMF-Q45M MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server
An XSS flaw exists in the MCP Inspector local development tool when it renders a redirect URL returned by a remote MCP server. If the Inspector connects to an untrusted server, a crafted redirect can inject script into the Inspector context and, via the built-in proxy, be leveraged to trigger...
PT-2025-36620
An XSS issue was reported in the MCP Inspector local development tool when connecting to an untrusted remote MCP server with a malicious redirect URI. This could be leveraged to interact directly with the inspector proxy to trigger arbitrary command execution. Users are advised to update to 0.16....
MCP inspector security vulnerability
MCP inspector is a development tool for debugging MCP servers. A security vulnerability exists in MCP inspector versions prior to 0.16.6 that stems from a cross-site scripting attack that could lead to arbitrary command execution...
A vulnerability in MCP Inspector, the MCP dev tool for testing and debugging MCP servers, allows an attacker to perform a CSRF attack.
The vulnerability in MCP Inspector, the MCP dev tool for testing and debugging MCP servers, is related to the lack of authentication for a critical function. Exploiting this vulnerability allows a remote attacker to perform a CSRF attack...
MCP Inspector < 0.14.1 Remote Code Execution
According to the self-reported version number, the version of MCP Inspector hosted on the remote is affected by a Remote Code Execution vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. This detectio...
CVE-2025-49596
The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio...
GHSA-7F8R-222P-6F5G MCP Inspector proxy server lacks authentication between the Inspector client and proxy
Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these...
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these...
CVE-2025-49596
The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio...
CVE-2025-49596 MCP Inspector proxy server lacks authentication between the Inspector client and proxy
The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio...
CVE-2025-49596
CVE-2025-49596 concerns MCP Inspector, a developer tool for MCP servers. Multiple connected sources confirm that versions below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated MCP commands to be launched...
CVE-2025-49596 MCP Inspector proxy server lacks authentication between the Inspector client and proxy
The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio...