
4 matches found

Snyk
added 2026/01/05 9:55 p.m. | 1 view

Regular Expression Denial of Service (ReDoS)

Overview: @modelcontextprotocol/sdk is a Model Context Protocol implementation for TypeScript. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the UriTemplate processing when handling RFC 6570 exploded array patterns. An attacker can cause excessive...

CVSS: 8.7 | AI score: 6.5 | EPSS: 0.00038
Exploits: 1 | References: 2
Github Security Blog
added 2026/01/05 9:30 p.m. | 12 views

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

Impact: A ReDoS vulnerability in the UriTemplate class allows attackers to cause denial of service. The partToRegExp function generates a regex pattern with nested quantifiers ([^/]+(?:,[^/]+)*) for exploded template variables (e.g., {/id*}, {?tags*}), causing catastrophic backtracking on malicious input. Who is...

CVSS: 8.7 | AI score: 6.6 | EPSS: 0.00038
Exploits: 1 | References: 7 | Affected Software: 1
CVE
added 2026/01/05 8:57 p.m. | 14 views

CVE-2026-0621

CVE-2026-0621 affects Anthropic’s MCP TypeScript SDK up to v1.25.1. The vulnerability is a ReDoS in the UriTemplate class when processing RFC 6570 exploded array patterns, where the generated regex uses nested quantifiers that can backtrack catastrophically. Exploitation requires sending a crafte...

CVSS: 8.7 | AI score: 6.3 | EPSS: 0.00038
Exploits: 1 | References: 2 | Affected Software: 1
Rockylinux
added 2020/07/29 7:15 a.m. | 10 views

Rocky Enterprise Software Foundation OpenStack Platform 16.1 bug fix and enhancement advisory

An update is available for python-gflags, python-oauth2client, google-api-python-client, python-httplib2, python-uritemplate. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

AI score: 0.7
Exploits: 0