PT-2026-51116
Name of the Vulnerable Software and Affected Versions dbt-mcp version 1.19.1 Description The local OAuth helper FastAPI server bundled with dbt-mcp exposes the 'GET /dbt platform context' endpoint without authentication or host-origin validation. After a user completes the OAuth login flow, this...