Lucene search
+L

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44895

GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: on every response. The structural defect is that the SSE server stands up a stateful,...

9.2CVSS5.5AI score0.00392EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.23 views

PT-2026-43619

Name of the Vulnerable Software and Affected Versions protobufjs affected versions not specified Description An issue exists where the software could recurse without a depth limit during the conversion of decoded messages to plain objects or JSON. This specifically affects the generated toObject...

7.5CVSS5.9AI score0.00324EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.20 views

PT-2026-43621

Name of the Vulnerable Software and Affected Versions python-engineio versions prior to 4.13.2 Description An attacker can trigger the creation of unnecessary background threads in the server by exploiting the heartbeat mechanism. This occurs when a new connection is received or when a client sen...

7.5CVSS6.1AI score
Exploits0References16
NVD
NVD
added 2026/05/26 10:16 p.m.31 views

CVE-2026-44895

GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: on every response. The structural defect is that the SSE server stands up a stateful,...

9.2CVSS0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 9:8 p.m.47 views

CVE-2026-44895 GitLab MCP Server: SSE transport has no authentication and wildcard CORS, exposing all GitLab tools

GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: on every response. The structural defect is that the SSE server stands up a stateful,...

9.2CVSS0.00392EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 9:8 p.m.16 views

EUVD-2026-32003

GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: on every response. The structural defect is that the SSE server stands up a stateful,...

9.2CVSS5.8AI score0.00392EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 9:8 p.m.38 views

CVE-2026-44895

CVE-2026-44895 (GitLab MCP Server SSE transport) has concrete technical details in the connected documents. The MCP server’s SSE HTTP transport (USE_SSE=true) ships with no authentication and sets Access-Control-Allow-Origin: * on all responses, exposing a stateful RPC endpoint backed by the oper...

9.2CVSS5.8AI score0.00392EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.25 views

PT-2026-43620

Name of the Vulnerable Software and Affected Versions radvd versions prior to 2.21 Description The radvdump utility contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, the print ff function copies up to 2032 bytes of...

8.8CVSS6.1AI score0.00203EPSS
Exploits0References33
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

GitLab MCP Server 安全漏洞

GitLab MCP Server is an open-source tool developed by yoda.digital that connects AI agents with GitLab repositories. Versions of GitLab MCP Server prior to 0.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication mechanisms at the HTTP transport laye...

9.2CVSS5.8AI score0.00392EPSS
Exploits0References1
Rows per page
Query Builder