3 matches found
CVE-2025-11287
CVE-2025-11287 affects samanhappy MCPHub up to version 0.9.10. The vulnerability is in the function handleSseConnectionfunction of src/services/sseService.ts, causing improper authentication. It can be triggered remotely and public exploits exist. Remediation per referenced advisories is to upgra...
Server-side Request Forgery (SSRF)
Overview @samanhappy/mcphub is an A hub server for mcp servers Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the baseUrl argument in the serverController.ts. An attacker can make the server initiate arbitrary requests to internal or external systems by...
CVE-2025-11285 samanhappy MCPHub serverController.ts os command injection
A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args results in os command injection. The attack can be launched remotely. The exploit has be...