CVE-2026-55604
Deferred Deferred - Pending Action

Session ID Reuse in DeepSeek MCP Server

Vulnerability report for CVE-2026-55604, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-10

Assigner: GitHub, Inc.

Description

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global `SessionStore` accepts caller-supplied `session_id` values without binding them to any authenticated principal or transport session. An attacker can enumerate active session IDs via `deepseek_sessions`, then reuse a victim-controlled `session_id` in `deepseek_chat` to retrieve and continue the victim's conversation context. Version 1.7.0 contains a patch.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
deepseek mcp_server to 1.7.0 (exc)
deepseek mcp_server 1.7.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability allows an attacker to enumerate and reuse active session IDs without proper authentication, potentially leading to unauthorized access to user conversations and sensitive data.

Such unauthorized access could result in violations of data protection regulations like GDPR and HIPAA, which require strict controls over access to personal and sensitive information to ensure confidentiality and integrity.

Therefore, the vulnerability may negatively impact compliance with these standards by exposing protected data through session hijacking.

Detection Guidance

This vulnerability involves the DeepSeek MCP Server versions from 1.4.2 up to but not including 1.7.0, where the SessionStore accepts session_id values without proper authentication binding. Detection involves identifying if your system is running a vulnerable version of DeepSeek MCP Server.

To detect the vulnerability on your system, first verify the version of DeepSeek MCP Server installed. If it is between 1.4.2 and before 1.7.0, the system is vulnerable.

Network detection could involve monitoring for unusual or unauthorized use of session IDs, especially requests to endpoints like `deepseek_sessions` or `deepseek_chat` that might indicate session enumeration or reuse.

Specific commands to check the version might include:

  • On the server, run a command to check the installed package version, for example: `deepseek_mcp_server --version` or check the service metadata.
  • Use network monitoring tools like `tcpdump` or `Wireshark` to capture traffic and filter for requests to `deepseek_sessions` or `deepseek_chat` endpoints.
  • Example tcpdump command: `tcpdump -i any -A 'tcp port 80 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x64656570)'` to filter HTTP traffic containing 'deep' (part of 'deepseek').

However, no specific detection commands or tools are provided in the available information.

Executive Summary

The vulnerability exists in DeepSeek MCP Server versions starting from 1.4.2 up to but not including 1.7.0. The issue is that the SessionStore accepts session_id values supplied by callers without verifying that these session IDs are bound to an authenticated user or a valid transport session.

An attacker can enumerate active session IDs using the deepseek_sessions interface and then reuse a victim's session_id in the deepseek_chat interface. This allows the attacker to retrieve and continue the victim's conversation context, effectively hijacking the session.

This vulnerability was patched in version 1.7.0.

Impact Analysis

This vulnerability can lead to unauthorized access to a victim's conversation context by allowing an attacker to hijack active sessions.

  • Confidentiality impact: An attacker can read sensitive or private conversation data belonging to the victim.
  • Integrity impact: The attacker can potentially manipulate or continue the victim's conversation, leading to misinformation or unauthorized actions.
  • Availability impact: The attacker might disrupt normal session usage or cause denial of service by interfering with session management.
Mitigation Strategies

To mitigate this vulnerability, upgrade DeepSeek MCP Server to version 1.7.0 or later, as this version contains the patch that fixes the issue with the SessionStore accepting caller-supplied session_id values without proper binding.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55604. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart