CVE-2025-64443

High CVSS: 7.3

MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertisement can perform browser-based exploitation of MCP servers executing behind the gateway, including manipulating tools or other features exposed by those MCP servers. MCP Gateway is not affected when running in the default stdio mode, which does not listen on network ports. Version 0.28.0 fixes this issue.

Vendor

Docker

Product

Mcp Gateway

CWE

CWE-749

Yayın Tarihi

2025-12-03 18:15:46

Güncelleme

2026-03-10 19:37:51

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-749 Mcp Gateway HIGH Docker 2025

Referanslar

https://github.com/docker/mcp-gateway/commit/6b076b2479d8d1345c50c112119c62978d46858e https://github.com/docker/mcp-gateway/security/advisories/GHSA-46gc-mwh4-cc5r

Benzer Kayıtlar

High

CVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exis…

Medium

CVE-2026-2664

An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows,…

Low

CVE-2025-13743

Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serializatio…

High

CVE-2025-3224

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-pr…