CVSS Vector (NVD)
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (NVD)
MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.
Analysis (AI)
MCPHub below version 0.11.0 allows an unauthenticated attacker to reach endpoints that lack the authentication middleware and to perform actions with the privileges of other users. Because the endpoints are unguarded, no credentials are required; the NVD vector scores the attacker as positioned on an adjacent network (AV:A), with low impact on confidentiality and integrity (VC:L/VI:L) and no impact on availability. No public exploit code or active exploitation has been confirmed at this time.
Technical Context (AI)
MCPHub is a hub application for Model Context Protocol (MCP) servers that exposes its management functions over an HTTP API with per-user privileges. The vulnerability arises from incomplete application of authentication middleware across that API: some routes were not wrapped with the guard, so requests to them are processed without any authenticated session. The advisory classifies the issue as CWE-639 (Authorization Bypass Through User-Controlled Key), which indicates that the unguarded endpoints take the acting user's identity from a value the caller supplies rather than from an authenticated session; that is what lets a request run with the context and permissions of an existing user. Affected versions are all releases prior to 0.11.0. This is a classic authorization enforcement gap: the guard exists, but the route table does not apply it everywhere.
Remediation (AI)
Upgrade MCPHub to version 0.11.0 or later; the patch adds the authentication guard to the previously unprotected endpoints so that every non-public route passes through the middleware. Users unable to upgrade immediately should restrict network access to the MCPHub listener to trusted internal clients and monitor for requests to management endpoints that carry no session token. Note that the adjacent-network scoring assumes the instance is reachable only from a local network segment; an instance exposed more widely is reachable by anyone who can open a connection to it. For additional details, consult the CERT-PL advisory at https://cert.pl/en/posts/2026/04/CVE-2025-13822.
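The following is an added example, not MCPHub's own code, that models the pattern described in the Technical Context and the regression check the Remediation implies: a constructed Express-style router in which one route is registered without the authentication guard and its handler takes the acting user from a caller-controlled `userId` field, the corrected shape of the same route, and a route-table audit that reports every route missing the guard. All route paths, tokens, user names and the `applySettings` action are hypothetical stand-ins chosen for illustration.

```typescript
// Added example, not MCPHub's code: a constructed Express-style router that
// reproduces the pattern described above (one route registered without the
// authentication guard, a handler that takes the acting user from a
// caller-controlled field), the corrected shape, and a route-table audit.

type Req = {
  method: string;
  path: string;
  token?: string;                  // bearer token presented by the client
  user?: string;                   // filled in by requireAuth on success
  body?: Record<string, unknown>;
};
type Res = { status: number; body: unknown };
type Middleware = (req: Req, next: () => Res) => Res;
type Handler = (req: Req) => Res;
type Route = { method: string; path: string; stack: Middleware[]; handler: Handler };
type Store = Record<string, Record<string, unknown>>;

// Constructed session table: hypothetical tokens, not real MCPHub sessions.
const SESSIONS: Record<string, string> = { "tok-alice": "alice", "tok-admin": "admin" };

// The guard every non-public route must pass through.
const requireAuth: Middleware = (req, next) => {
  const user: string | undefined = req.token !== undefined ? SESSIONS[req.token] : undefined;
  if (user === undefined) return { status: 401, body: { error: "unauthenticated" } };
  req.user = user;
  return next();
};

class App {
  routes: Route[] = [];
  register(method: string, path: string, stack: Middleware[], handler: Handler): void {
    this.routes.push({ method, path, stack, handler });
  }
  dispatch(req: Req): Res {
    const matches = this.routes.filter((r) => r.method === req.method && r.path === req.path);
    if (matches.length === 0) return { status: 404, body: { error: "not found" } };
    const { stack, handler } = matches[0];
    // Run the middleware chain in order; a guard that does not call next() stops here.
    const run = (i: number): Res => (i < stack.length ? stack[i](req, () => run(i + 1)) : handler(req));
    return run(0);
  }
}

// Constructed per-user state standing in for any user-scoped action.
function makeStore(): Store {
  return { alice: { theme: "light" }, admin: { theme: "light" } };
}

function applySettings(store: Store, user: string, patch: unknown): Res {
  if (!(user in store)) return { status: 404, body: { error: "no such user" } };
  const src = patch !== null && typeof patch === "object" ? (patch as Record<string, unknown>) : {};
  for (const k in src) store[user][k] = src[k];
  return { status: 200, body: store[user] };
}

// Vulnerable shape: the route is registered with an empty middleware stack, and the
// handler trusts the userId field from the request body.
function buildVulnerableApp(store: Store): App {
  const app = new App();
  app.register("POST", "/api/login", [], () => ({ status: 200, body: { token: "tok-alice" } }));
  app.register("POST", "/api/users/settings", [], (req) =>            // no guard
    applySettings(store, String(req.body?.userId ?? ""), req.body?.settings));
  return app;
}

// Fixed shape: requireAuth precedes the handler, and the handler acts only as the
// authenticated user, ignoring any caller-supplied identity.
function buildFixedApp(store: Store): App {
  const app = new App();
  app.register("POST", "/api/login", [], () => ({ status: 200, body: { token: "tok-alice" } }));
  app.register("POST", "/api/users/settings", [requireAuth], (req) =>
    applySettings(store, req.user as string, req.body?.settings));
  return app;
}

// Regression check for the route table: every route not on an explicit public
// allowlist must carry requireAuth. Wire this into CI against the real router so a
// newly added endpoint cannot ship unguarded.
function unguardedRoutes(app: App, publicRoutes: string[] = ["POST /api/login"]): string[] {
  return app.routes
    .filter((r) => r.stack.indexOf(requireAuth) === -1)
    .map((r) => r.method + " " + r.path)
    .filter((key) => publicRoutes.indexOf(key) === -1);
}

// Unauthenticated request naming another user: accepted by the vulnerable app,
// rejected with 401 by the fixed one.
function demo(): { vulnStatus: number; vulnAdminTheme: unknown; fixedStatus: number; audit: string[] } {
  const attack: Req = {
    method: "POST",
    path: "/api/users/settings",
    body: { userId: "admin", settings: { theme: "dark" } },
  };
  const vulnStore = makeStore();
  const vulnStatus = buildVulnerableApp(vulnStore).dispatch({ ...attack }).status;
  const fixedStatus = buildFixedApp(makeStore()).dispatch({ ...attack }).status;
  return {
    vulnStatus,
    vulnAdminTheme: vulnStore["admin"]["theme"],
    fixedStatus,
    audit: unguardedRoutes(buildVulnerableApp(makeStore())),
  };
}
```

`demo()` returns 200 for the vulnerable app with the admin's settings overwritten, 401 for the fixed app, and an audit list containing only the unguarded route. The fix has two parts that both matter: putting `requireAuth` in front of the route closes the missing-middleware gap, and having the handler use `req.user` instead of the body's `userId` removes the user-controlled key that CWE-639 describes. Applying only the first would still let any authenticated user act as any other.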
Related Identifiers
EUVD-2025-209433
GHSA-9vq7-9h42-j88h