What is the CVSS score of CVE-2026-45781?

CVE-2026-45781 has a CVSS 3.1 base score of 3.5 (Low). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of MCP Registry are affected by CVE-2026-45781?

Improper ownership validation in MCP Registry prior to version 1.7.9 allows authenticated publishers to bind io.github. /* namespaces to OCI images they do not control when the upstream OCI…. A patch is available.

Is there a patch available for CVE-2026-45781?

Yes, a patch is available for CVE-2026-45781. Update the affected software to the latest version immediately.

MCP Registry CVE-2026-45781

EUVD-2026-30489 LOW

Not Failing Securely ('Failing Open') (CWE-636)

2026-05-14 security-advisories@github.com

GHSA-2v5f-5r6w-p67r

Information Disclosure Node.js

3.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

May 14, 2026 - 22:06 vuln.today

Patch available

May 14, 2026 - 22:02 EUVD

CVE Published

May 14, 2026 - 21:16 nvd

LOW 3.5

DescriptionNVD

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated publisher bind their io.github.<user>/* namespace to OCI images they do not control. internal/validators/registries/oci.go:104-119 fails open on http.StatusTooManyRequests: when the registry's anonymous fetch to the upstream OCI registry is rate-limited, ValidateOCI returns nil and the publish is accepted without ever running the io.modelcontextprotocol.server.name label-match check at lines 122-141. That label check is the only cross-system ownership proof the registry applies to OCI packages - every other registry type (NPM, PyPI, NuGet, MCPB) treats a non-200 upstream response as a hard error. This vulnerability is fixed in 1.7.9.

AnalysisAI

Improper ownership validation in MCP Registry prior to version 1.7.9 allows authenticated publishers to bind io.github.<user>/* namespaces to OCI images they do not control when the upstream OCI registry returns HTTP 429 rate-limit responses. The vulnerability bypasses the label-match ownership proof check, enabling namespace hijacking for users who publish through OCI-based MCP servers. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-45781 vulnerability details – vuln.today

Back