Skip to main content

Node.js CVE-2026-39313

| EUVDEUVD-2026-23300 HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-04-16 https://github.com/QuantGeekDev/mcp-framework GHSA-353c-v8x9-v7c3
8.7
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
CVSS changed
Apr 16, 2026 - 22:22 NVD
8.7 (HIGH)
EUVD ID Assigned
Apr 16, 2026 - 21:15 euvd
EUVD-2026-23300
Patch released
Apr 16, 2026 - 21:15 nvd
Patch available
CVE Published
Apr 16, 2026 - 20:44 nvd
HIGH 8.7

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 89 npm packages depend on mcp-framework (87 direct, 2 indirect)

Ecosystem-wide dependent count for version 0.2.22.

DescriptionGitHub Advisory

Summary

The readRequestBody() function in src/transports/http/server.ts concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request.

Details

File: src/transports/http/server.ts, lines 224-240

typescript
private async readRequestBody(req: IncomingMessage): Promise<any> {
    return new Promise((resolve, reject) => {
      let body = '';
      req.on('data', (chunk) => {
        body += chunk.toString();   // No size limit
      });
      req.on('end', () => {
        try {
          const parsed = body ? JSON.parse(body) : null;
          resolve(parsed);
        } catch (error) {
          reject(error);
        }
      });
      req.on('error', reject);
    });
  }

A maxMessageSize configuration value exists in DEFAULT_HTTP_STREAM_CONFIG (4MB, defined in src/transports/http/types.ts line 124) but is never enforced in readRequestBody(). This creates a false sense of security.

PoC

Local testing with 50MB POST payloads against the vulnerable readRequestBody() function:

TrialPayloadRSS growthTimeResult
150MB+197MB42msVulnerable
250MB+183MB46msVulnerable
350MB+15MB43msVulnerable
450MB+14MB32msVulnerable
550MB+65MB38msVulnerable

Reproducibility: 5/5 (100%)

Impact

  • Denial of Service: Any mcp-framework HTTP server can be crashed by a single large POST request to /mcp
  • No authentication required: readRequestBody() executes before any auth checks (auth is opt-in, default is no auth)
  • Dead config: maxMessageSize exists but is never enforced, giving a false sense of security
  • Affected: All applications using mcp-framework HttpStreamTransport (60,000 weekly npm downloads)

CWE-770: Allocation of Resources Without Limits or Throttling Suggested CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Suggested Fix

Enforce maxMessageSize in readRequestBody():

typescript
private async readRequestBody(req: IncomingMessage): Promise<any> {
    const maxSize = this._config.maxMessageSize || 4 * 1024 * 1024;
    return new Promise((resolve, reject) => {
      let body = '';
      let size = 0;
      req.on('data', (chunk) => {
        size += chunk.length;
        if (size > maxSize) {
          req.destroy();
          reject(new Error('Request body too large'));
          return;
        }
        body += chunk.toString();
      });
      // ...
    });
  }

Disclosure Timeline

This report follows coordinated disclosure. I request a 90-day window before public disclosure.

Reporter: Raza Sharif, CyberSecAI Ltd (contact@agentsign.dev)

Analysis

Summary

The readRequestBody() function in src/transports/http/server.ts concatenates HTTP request body chunks into a string with no size limit, allowing a remote unauthenticated attacker to crash the server via memory exhaustion with a single large HTTP POST request.

Details

File: src/transports/http/server.ts, lines 224-240

typescript
private async readRequestBody(req: IncomingMessage): Promise<any> {
    return new Promise((resolve, reject) => {
      let body = '';
      req.on('data', (chunk) => {
        body += chunk.toString();   // No size limit
      });
      req.on('end', () => {
        try {
          const parsed = body ? JSON.parse(body) : null;
          resolve(parsed);
        } catch (error) {
          reject(error);
        }
      });
      req.on('error', reject);
    });
  }

A maxMessageSize configuration value exists in DEFAULT_HTTP_STREAM_CONFIG (4MB, defined in src/transports/http/types.ts line 124) but is never enforced in readRequestBody(). This creates a false sense of security.

PoC

Local testing with 50MB POST payloads against the vulnerable readRequestBody() function:

TrialPayloadRSS growthTimeResult
150MB+197MB42msVulnerable
250MB+183MB46msVulnerable
350MB+15MB43msVulnerable
450MB+14MB32msVulnerable
550MB+65MB38msVulnerable

Reproducibility: 5/5 (100%)

Impact

  • Denial of Service: Any mcp-framework HTTP server can be crashed by a single large POST request to /mcp
  • No authentication required: readRequestBody() executes before any auth checks (auth is opt-in, default is no auth)
  • Dead config: maxMessageSize exists but is never enforced, giving a false sense of security
  • Affected: All applications using mcp-framework HttpStreamTransport (60,000 weekly npm downloads)

CWE-770: Allocation of Resources Without Limits or Throttling Suggested CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Suggested Fix

Enforce maxMessageSize in readRequestBody():

typescript
private async readRequestBody(req: IncomingMessage): Promise<any> {
    const maxSize = this._config.maxMessageSize || 4 * 1024 * 1024;
    return new Promise((resolve, reject) => {
      let body = '';
      let size = 0;
      req.on('data', (chunk) => {
        size += chunk.length;
        if (size > maxSize) {
          req.destroy();
          reject(new Error('Request body too large'));
          return;
        }
        body += chunk.toString();
      });
      // ...
    });
  }

Disclosure Timeline

This report follows coordinated disclosure. I request a 90-day window before public disclosure.

Reporter: Raza Sharif, CyberSecAI Ltd (contact@agentsign.dev)

CVE-2024-55591 CRITICAL POC
9.8 Jan 14

FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote

CVE-2014-7205 CRITICAL POC
10.0 Oct 08

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2017-14849 HIGH POC
7.5 Sep 28

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc

CVE-2017-5941 CRITICAL POC
9.8 Feb 09

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner

CVE-2014-3744 HIGH POC
7.5 Oct 23

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi

CVE-2014-9566 HIGH POC
7.5 Mar 10

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin

CVE-2013-4660 MEDIUM POC
6.8 Jun 28

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic

CVE-2015-5688 MEDIUM POC
5.0 Sep 04

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2014-7192 CRITICAL POC
10.0 Dec 11

Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat

CVE-2013-4450 MEDIUM POC
5.0 Oct 21

The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se

Share

CVE-2026-39313 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy