Vulnerabilities in modelcontextprotocol

25 results

CVE-2026-42559HIGHRMCP: DNS rebinding vulnerability in rmcp Streamable HTTP server transportEPSS 0.2%CVE-2026-45781LOWMCP Registry: OCI ownership validation fails open on upstream rate limits, allowing attacker-controlled package claimsEPSS 0.2%CVE-2026-33252HIGHMCP Go SDK Allows Cross-Site Tool Execution for HTTP Servers without AuthorizatrionEPSS 0.2%CVE-2026-44429MEDIUMMCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`EPSS 0.2%CVE-2026-35568HIGHMCP Java-SDK has a DNS Rebinding VulnerabilityEPSS 0.1%

← previouspage 2 / 2next →