CVE-2026-58168
Received Received - Intake

Authorization Bypass in DeepTutor via MCP Tools

Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: VulnCheck

Description
DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools due to the allowed_mcp_tools function returning None instead of a denied result when mcp_tools is omitted from a user's grant in deeptutor/multi_user/tool_access.py. Attackers or prompt-injected content acting within a user session can enumerate and invoke any configured MCP tool, including filesystem, shell, and browser servers, gaining unauthorized access to sensitive deployment resources.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-30
Last Modified
2026-06-30
Generated
2026-06-30
AI Q&A
2026-06-30
EPSS Evaluated
N/A
NVD
CVE-2026-58168
EUVD
EUVD-2026-40375

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
deeptutor deeptutor to 1.4.10 (exc)
hkuds deeptutor to 1.4.10 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users to invoke unrestricted MCP tools.

This happens because the allowed_mcp_tools function returns None instead of denying access when the mcp_tools grant is missing for a user.

As a result, attackers or malicious prompt-injected content within a user session can enumerate and invoke any configured MCP tool, including filesystem, shell, and browser servers.

This leads to unauthorized access to sensitive deployment resources.

Impact Analysis

This vulnerability allows non-admin users or attackers acting within a user session to gain unauthorized access to sensitive backend capabilities.

  • They can invoke MCP tools such as filesystem, shell, and browser servers without proper authorization.
  • This can lead to unauthorized enumeration and execution of critical tools, potentially compromising sensitive deployment resources.

Such unauthorized access can result in data breaches, system manipulation, or other security incidents.

Mitigation Strategies

To mitigate the authorization bypass vulnerability in DeepTutor before version 1.4.10, you should upgrade to version 1.4.10 or later, where the issue is fixed.

The fix introduces a deny-by-default mechanism for MCP tools for non-admin users, requiring administrators to explicitly grant access to specific MCP tools.

  • Upgrade DeepTutor to version 1.4.10 or later.
  • Review and explicitly grant MCP tool access only to trusted non-admin users.
  • Ensure that non-admin users without explicit MCP tool grants are denied access by default.
  • Verify that admin users retain unrestricted access as intended.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-58168. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart