CVE-2026-0621

High CVSS: 8.7

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS) vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested quantifiers that can trigger catastrophic backtracking on specially crafted inputs, resulting in excessive CPU consumption. An attacker can exploit this by supplying a malicious URI that causes the Node.js process to become unresponsive, leading to a denial of service.

Vendor

Lfprojects

Product

Mcp Typescript Sdk

CWE

CWE-1333

Yayın Tarihi

2026-01-05 21:16:14

Güncelleme

2026-01-30 01:16:59

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-1333 Mcp Typescript Sdk HIGH Lfprojects 2026

Referanslar

https://github.com/modelcontextprotocol/typescript-sdk/issues/965 https://www.vulncheck.com/advisories/mcp-typescript-sdk-uritemplate-exploded-array-pattern-redos https://github.com/modelcontextprotocol/typescript-sdk/issues/965

Benzer Kayıtlar

High

CVE-2026-34742

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does no…

Medium

CVE-2026-34237

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 1.0.1 and 1.1.1,…

High

CVE-2026-33946

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby S…

Critical

CVE-2025-15031

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar a…

Medium

CVE-2026-29791

Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environmen…

High

CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal…