MCPHub has an authentication bypass

GHSA-9vq7-9h42-j88h · CVE-2025-13822

Published Apr 14, 2026 · Modified Apr 15, 2026

Description

MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-13822
WEB https://cert.pl/en/posts/2026/04/CVE-2025-13822
PACKAGE https://github.com/samanhappy/mcphub

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes