Regular Expression Denial of Service (ReDoS)

Overview @modelcontextprotocol/sdk is a Model Context Protocol implementation for TypeScript Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the UriTemplate processing when handling RFC 6570 exploded array patterns. An attacker can cause excessive...

CVE-2026-0621 MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

CVE-2026-0621 MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service ReDoS vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested...

PT-2026-1337

Name of the Vulnerable Software and Affected Versions Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 Description The software contains a regular expression denial of service ReDoS issue within the UriTemplate class when handling RFC 6570 exploded array patterns. The dynamicall...