CVE-2026-44428
- EPSS 0.04%
- Published 14.05.2026 21:09:10
- Last modified 15.05.2026 17:23:35
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audience string, not to the specific registry instance bei...
CVE-2026-44429
- EPSS 0.04%
- Published 14.05.2026 21:05:56
- Last modified 15.05.2026 17:52:27
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / (file internal/api/handlers/v0/ui_index.html) is vulnerable to stored cross-site scripting vi...
- EPSS 0.03%
- Published 14.05.2026 21:02:40
- Last modified 15.05.2026 19:16:59
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verification (POST /v0/auth/http, POST /v0.1/auth/http) uses safeDialContext (internal/api/handle...