Lucene search
K

5 matches found

GithubExploit
GithubExploit
added 2026/06/03 2:31 a.m.114 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 — MCPJam Unauthenticated Remote Code Execution...

9.8CVSS6.2AI score0.43671EPSS
Exploits32
OSV
OSV
added 2026/05/13 3:32 p.m.7 views

GHSA-VW82-7FV8-R6GP Obot has an authorization bypass in /mcp-connect/{id} that allows any authenticated user to use any registered MCP server

Summary If you have the MCP Server ID, you can connect to the MCP server even if you don't have permissions to the server. The MCP gateway endpoint /mcp-connect/mcpid does not enforce Access Control Rules ACRs. Any authenticated Obot user who possesses an MCP Server ID can connect to that server...

9.6CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/13 3:32 p.m.15 views

Obot has an authorization bypass in /mcp-connect/{id} that allows any authenticated user to use any registered MCP server

Summary If you have the MCP Server ID, you can connect to the MCP server even if you don't have permissions to the server. The MCP gateway endpoint /mcp-connect/mcpid does not enforce Access Control Rules ACRs. Any authenticated Obot user who possesses an MCP Server ID can connect to that server...

5.9AI score
Exploits0References3Affected Software1
GithubExploit
GithubExploit
added 2026/03/29 4:26 p.m.126 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 — MCP Connect RCE via Unauthenticated Command I...

9.8CVSS6AI score0.43671EPSS
Exploits32
OSV
OSV
added 2026/03/19 12:51 p.m.4 views

GHSA-WVR4-3WQ4-GPC5 MCP Connect has unauthenticated remote OS command execution via /bridge endpoint

Summary When AUTHTOKEN and ACCESSTOKEN environment variables are not set which is the default out-of-the-box configuration the /bridge HTTP endpoint is completely unauthenticated. Any network-accessible caller can POST a request with an attacker-controlled serverPath and args payload, causing the...

9.8CVSS6.7AI score
Exploits0References2
Rows per page
Query Builder