4 matches found
GO-2026-5008 MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry
MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry...
PT-2026-42384
MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry...
MCP Registry: OCI validator skips ownership check on upstream rate limits
OCI ownership validation fails open on upstream rate limits, allowing attacker to claim arbitrary public OCI images under their own namespace Severity: Low re-scored post-triage; see Maintainer triage note below Affected: modelcontextprotocol/registry main branch at commit fe0cb3b current HEAD as...
CVE-2026-45781
The CVE-2026-45781 issue affects the MCP Registry: before 1.7.9, OCI ownership validation can skip the label-match check when upstream OCI registry responses are HTTP 429. This allows an authenticated publisher to bind their io.github./* namespace to OCI images they do not control because the lab...