Lucene search
K

56 matches found

Cvelist
Cvelist
added 2026/06/30 7:16 p.m.38 views

CVE-2026-7663 Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass

IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

9.1CVSS0.00259EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 7:16 p.m.26 views

CVE-2026-7663

Langflow OSS 1.0.0–1.9.6 is affected by an improper authorization vulnerability in the Streamable MCP transport endpoint (/api/v1/mcp/project/{project_id}/streamable) that allows unauthenticated attackers to access protected MCP resources and perform MCP operations. IBM bulletin cites cross‑user ...

9.8CVSS5.8AI score0.00259EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53946

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.6 Description Improper authorization enforcement in the Streamable MCP transport endpoint allows unauthenticated attackers to access protected MCP project resources and execute MCP operations...

9.8CVSS6AI score0.00259EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-331 excel-mcp-server has a Path Traversal issue

Summary A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on...

9.4CVSS6AI score0.00391EPSS
Exploits0References6
OSV
OSV
added 2026/06/26 9:50 p.m.3 views

GHSA-4HF8-5MJM-RFGQ Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication

Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication Summary line-desktop-mcp supports a --http-mode Streamable HTTP transport for use with clients such as n8n. In this mode the server binds to 0.0.0.0 and exposes the MCP /mcp endpoint without an MCP-layer...

8.8CVSS5.8AI score0.00323EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 6:17 p.m.3 views

Security Bulletin: Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass

Summary An improper authorization vulnerability in Streamable MCP transport endpoint /api/v1/mcp/project/projectid/streamable allows unauthenticated attackers to bypass project ownership controls and execute Model Context Protocol MCP operations against OAuth-authenticated projects owned by other...

9.8CVSS6.1AI score0.00259EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/22 4:16 p.m.10 views

CVE-2026-7664

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

9.8CVSS0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 2:10 p.m.33 views

CVE-2026-7664 Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

9.8CVSS0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 2:10 p.m.13 views

EUVD-2026-38281

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

9.8CVSS5.9AI score0.00277EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:10 p.m.3 views

CVE-2026-7664

IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint...

9.8CVSS5.9AI score0.00277EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51341

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.8.4 Description Improper authorization enforcement in the Streamable MCP transport endpoint allows unauthenticated attackers to access protected MCP project resources and execute MCP operations...

9.8CVSS5.9AI score0.00277EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/17 5:55 p.m.6 views

Information Exposure

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Information Exposure via the MCP Streamable HTTP process when custom headers are configured and the MCP endpoint responds with a cross-origin redirect. An attacker can obtain sensitive...

7.1CVSS5.8AI score0.00223EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 9:31 p.m.5 views

GHSA-X7CF-6GP3-Q5F8 Duplicate Advisory: MCP Streamable HTTP redirects could forward configured custom headers to another origin

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rjxq-qqhf-8hwh. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwar...

7.1CVSS5.3AI score0.00223EPSS
Exploits0References3
CVE
CVE
added 2026/06/16 6:4 p.m.16 views

CVE-2026-53840

OpenClaw CVE-2026-53840 affects the OpenClaw MCP stack before version 2026.5.12. The issue is an information-disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. If an attacker controls or can compromise an MCP end...

7.1CVSS5.3AI score0.00223EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.10 views

PT-2026-49757

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.12 Description An information disclosure issue exists in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers controlling or compromising an MCP...

7.1CVSS5.3AI score0.00223EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/12 6:44 p.m.9 views

EUVD-2026-36544

AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can...

8.7CVSS5.3AI score0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 6:8 a.m.13 views

CVE-2026-42559

A flaw was found in rmcp, the official Rust SDK for the Model Context Protocol. The Streamable HTTP server transport in rmcp failed to validate the incoming Host header, enabling a malicious public website to exploit this through a DNS rebinding attack. This allows the attacker to send...

8.8CVSS5.6AI score0.00213EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 2:24 p.m.7 views

EUVD-2026-30292

RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to...

8.8CVSS5.8AI score0.00213EPSS
Exploits0References5
CVE
CVE
added 2026/05/14 2:24 p.m.21 views

CVE-2026-42559

The RMCP Streamable HTTP server transport in the rmcp crate failed to validate the Host header prior to version 1.4.0, enabling a DNS rebinding attack that could cause authenticated requests to reach a victim’s local MCP server. Impact could include enumeration, reading state, and triggering side...

8.8CVSS5.8AI score0.00213EPSS
Exploits0References5
OSV
OSV
added 2026/05/06 9:55 p.m.5 views

GHSA-89VP-X53W-74FX rmcp Streamable HTTP server transport has a DNS rebinding vulnerability

Summary Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport crates/rmcp/src/transport/streamablehttpserver/ did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send authenticated requests to an MCP server running...

8.8CVSS6.3AI score0.00213EPSS
Exploits0References10
Rows per page
Query Builder