Deeptutor
Monthly
Privilege escalation via missing authorization in HKUDS DeepTutor before 1.4.10 lets any authenticated low-privilege user invoke deployment-wide MCP (Model Context Protocol) tools they were never granted. The root cause is the allowed_mcp_tools function in deeptutor/multi_user/tool_access.py returning None (interpreted as 'allow all') instead of a denied result when the mcp_tools key is omitted from a user's grant, so a regular user - or prompt-injected content running inside their session - can enumerate and call filesystem, shell, and browser MCP servers. No public exploit is identified at the time of analysis and it is not in CISA KEV, but a vendor patch (v1.4.10) is available and the issue was reported by VulnCheck.
Privilege escalation via missing authorization in HKUDS DeepTutor before 1.4.10 lets any authenticated low-privilege user invoke deployment-wide MCP (Model Context Protocol) tools they were never granted. The root cause is the allowed_mcp_tools function in deeptutor/multi_user/tool_access.py returning None (interpreted as 'allow all') instead of a denied result when the mcp_tools key is omitted from a user's grant, so a regular user - or prompt-injected content running inside their session - can enumerate and call filesystem, shell, and browser MCP servers. No public exploit is identified at the time of analysis and it is not in CISA KEV, but a vendor patch (v1.4.10) is available and the issue was reported by VulnCheck.