420 matches found
PT-2026-6777
Name of the Vulnerable Software and Affected Versions: MCP Salesforce Connector versions prior to 0.1.10. Description: The software is a Model Context Protocol (MCP) server implementation for Salesforce integration. A flaw exists where arbitrary attribute access can lead to the disclosure of Salesforc...
CVE-2026-25536
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, a cross-client response data leak occurs when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...
CVE-2026-25546
Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec, which...
EUVD-2026-5327
Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec, which...
CVE-2026-25536 @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, a cross-client response data leak occurs when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...
EUVD-2026-5335
MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, a cross-client response data leak occurs when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless...
CVE-2026-25536
CVE-2026-25536 affects the MCP TypeScript SDK. From versions 1.10.0 through 1.25.3, cross‑client data can leak when a single McpServer/Server and transport instance is reused across multiple client connections (notably in stateless StreamableHTTPServerTransport deployments). The issue arises from...
Race Condition
Overview: @modelcontextprotocol/sdk is a Model Context Protocol implementation for TypeScript. Affected versions of this package are vulnerable to Race Condition via the reuse of a single McpServer or Server instance and transport across multiple concurrent client connections. An attacker can acces...
PT-2026-6315
Name of the Vulnerable Software and Affected Versions: MCP TypeScript SDK versions 1.10.0 through 1.25.3. Description: The MCP TypeScript SDK, designed for Model Context Protocol servers and clients, exhibits a cross-client response data leak. This occurs when a single McpServer/Server and transport...
MCP TypeScript SDK Race Condition Vulnerability
The MCP TypeScript SDK is an open-source development toolkit for Model Context Protocol, used by servers and clients of the model context protocol. Versions 1.10.0 to 1.25.3 of the MCP TypeScript SDK contain a race condition vulnerability, which stems from a data leakage across client responses...
Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata
Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that could be exploited to execute code and exfiltrate sensitive data. The critical...
SMCP: Secure Model Context Protocol
Agentic AI systems built around large language models (LLMs) are moving away from closed, single-model frameworks and toward open ecosystems that connect a variety of agents, external tools, and resources. The Model Context Protocol (MCP) has emerged as a standard to unify tool access, allowing agent...
LibreChat MCP 0.8.2-rc2 Remote Code Execution
Proof of concept exploit for a remote code execution vulnerability in LibreChat MCP version 0.8.2-rc2 that leverages an unsanitized stdio server configuration issue...
MCPJam 1.4.2 Command Injection
This Metasploit exploit module targets the MCP (Model Context Protocol) server, specifically exploiting a command injection vulnerability in the /api/mcp/connect endpoint. The vulnerability allows unauthorized remote command execution by sending crafted JSON payloads that are executed by the server...
Command Injection
Overview: @sunwood-ai-labs/github-kanban-mcp-server is a Model Context Protocol server for managing GitHub issues as Kanban using gh CLI. Affected versions of this package are vulnerable to Command Injection via the createissue parameter. An attacker can execute arbitrary code in the context of...
A2A-POC
A2A Travel Agency Multi-Agent System A Proof of Concept demon...
MCPJam Inspector security vulnerabilities
MCPJam Inspector is an open-source debugging and quality analysis tool for the Model Context Protocol developed by MCPJam. Versions of MCPJam Inspector 1.4.2 and earlier contain security vulnerabilities. These vulnerabilities stem from specially crafted HTTP requests that can trigger the...
Community-powered security with AI: an open source framework for security research
Since its founding in 2019, GitHub Security Lab has had one primary goal: community-powered security. We believe that the best way to improve software security is by sharing knowledge and tools, and by using open source software so that everybody is empowered to audit the code and report any...
aiptx-cyber-mcp
Cyber MCPs - Security Tools for AI