Mcphub
Monthly
MCPHub before version 0.11.0 allows unauthenticated attackers to bypass authentication on unprotected endpoints and perform actions with the privileges of other users. The root cause is missing authentication middleware on certain endpoints: a request that never passes through the auth check reaches the handler as though it were authenticated. The attack vector is scored as adjacent network (AV:A), so an attacker on the same network segment as the MCPHub instance can impersonate legitimate users without credentials. No public exploit code or active exploitation has been confirmed at this time; versions 0.11.0 and later are not affected.
A vulnerability was identified in samanhappy MCPHub up to version 0.9.10. It affects the function handleSseConnection of the file src/services/sseService.ts, and the affected code path leads to improper authentication. The attack may be launched remotely. An exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Server-side request forgery (SSRF) in MCPHub up to version 0.9.10 allows authenticated high-privilege users to manipulate the baseUrl argument in the MCPRouter Service, causing the server to issue arbitrary HTTP requests. Because the requests originate from the MCPHub host, the practical impact depends on what that host can reach that the attacker cannot, such as internal services or cloud metadata endpoints. The vulnerability requires a high privilege level and has publicly available proof-of-concept code, though EPSS analysis suggests limited real-world exploitation probability despite active public disclosure.
OS command injection in MCPHub up to version 0.9.10 allows authenticated remote attackers to execute arbitrary system commands via manipulation of the command/args parameters in serverController.ts. In MCP server configuration these fields describe how a stdio server process is launched, so control over them means code execution on the hub host. The vulnerability has a low CVSS score (2.1) because it requires authenticated access and its scope impact is limited, but it carries elevated real-world risk given publicly available exploit code and vendor non-responsiveness. The EPSS score of 0.25% suggests limited current exploitation activity despite PoC availability.