Skip to main content

Deeptutor

1 CVEs product

Monthly

CVE-2026-58168 HIGH PATCH This Week

Privilege escalation via missing authorization in HKUDS DeepTutor before 1.4.10 lets any authenticated low-privilege user invoke deployment-wide MCP (Model Context Protocol) tools they were never granted. The root cause is the allowed_mcp_tools function in deeptutor/multi_user/tool_access.py returning None (interpreted as 'allow all') instead of a denied result when the mcp_tools key is omitted from a user's grant, so a regular user - or prompt-injected content running inside their session - can enumerate and call filesystem, shell, and browser MCP servers. No public exploit is identified at the time of analysis and it is not in CISA KEV, but a vendor patch (v1.4.10) is available and the issue was reported by VulnCheck.

Authentication Bypass Deeptutor
NVD GitHub
CVSS 4.0
7.7
EPSS
0.4%
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Privilege escalation via missing authorization in HKUDS DeepTutor before 1.4.10 lets any authenticated low-privilege user invoke deployment-wide MCP (Model Context Protocol) tools they were never granted. The root cause is the allowed_mcp_tools function in deeptutor/multi_user/tool_access.py returning None (interpreted as 'allow all') instead of a denied result when the mcp_tools key is omitted from a user's grant, so a regular user - or prompt-injected content running inside their session - can enumerate and call filesystem, shell, and browser MCP servers. No public exploit is identified at the time of analysis and it is not in CISA KEV, but a vendor patch (v1.4.10) is available and the issue was reported by VulnCheck.

Authentication Bypass Deeptutor
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy