← back
CVE-2025-13822

Authentication bypass in MCPHub

CVSS 5.3 MEDIUMEPSS 0.4%CWE-639
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Apr 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
MCPHub · MCPHub

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert.pl/en/posts/2026/04/CVE-2025-13822https://github.com/samanhappy/mcphub