2 matches found
gpt-researcher-mcp (>=0.1.0 <=0.1.5), iflow-mcp-joshualelon-deep-research-mcp (=0.1.0) +1 more potentially affected by CVE-2026-5632 via gpt-researcher (=0.15.1)
gpt-researcher PYPI version =0.15.1 is affected by a known vulnerability. The following packages have a transitive dependency on gpt-researcher and may be impacted: - gpt-researcher-mcp =0.1.0, =2.1.6, =2.1.8 Source cves: CVE-2026-5632 Source advisory: SNYK:PYTHON-GPTRESEARCHER-15917488...
CVE-2026-5632
CVE-2026-5632 concerns assafelovic gpt-researcher (versions up to 3.4.3) where the HTTP REST API Endpoint has a missing authentication issue in a manipulated request. The vulnerability is remote, with PROOF-OF-CONCEPT exploitation and a CVSS base score in the MEDIUM-HIGH range across CVSS version...