← back
CVE-2025-13822

Authentication bypass in MCPHub

CVSS 5.3 MEDIUMEPSS 0.4%CWE-639
MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
MCPHub · MCPHub

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert.pl/en/posts/2026/04/CVE-2025-13822https://github.com/samanhappy/mcphub