CVE-2025-13822
Received
Received - Intake
Authentication Bypass in MCPHub < 0.11.0 Allows Privilege Abuse
Vulnerability report for CVE-2025-13822, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-14
Last updated on: 2026-05-01
Assigner: CERT.PL
Description
Description
MCPHub in versions belowΒ 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mcphubx | mcphub | to 0.11.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |