PT-2025-36620 · Npm · @Modelcontextprotocol/Inspector
Published 2025-09-08 · Updated 2025-09-08
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
An XSS flaw exists in the MCP Inspector local development tool when it renders a redirect URL returned by a remote MCP server. If the Inspector connects to an untrusted server, a crafted redirect can inject script into the Inspector context and, via the built-in proxy, be leveraged to trigger arbitrary command execution on the developer machine. Version 0.16.6 hardens URL handling and validation and prevents script execution.
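As an added example (not the Inspector's own code or its 0.16.6 fix), this is the kind of allowlist check a client should apply to a redirect URL received from an untrusted MCP server before rendering it: only absolute http(s) URLs pass, and the value is HTML-escaped before it becomes markup. Function and constant names are assumed.

```javascript
// Added example, not the Inspector's own code: allowlist a redirect URL that
// an untrusted MCP server returned before it is rendered or followed.
// Only absolute http(s) URLs pass; javascript:, data:, blob:, file:, relative
// paths and unparsable input are rejected, so no script reaches the page.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

function validateRedirectUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return null;
  }
  let url;
  try {
    url = new URL(raw); // no base: relative input throws and is rejected
  } catch {
    return null;
  }
  // url.protocol is lower-cased by the parser, so "JAVASCRIPT:" is caught too.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  // Embedded credentials (https://trusted@evil.example/) disguise the host.
  if (url.username || url.password) return null;
  return url.href; // normalized: lower-case scheme/host, encoded query chars
}

// Escape for an HTML text node or a double-quoted attribute value.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Markup for the redirect link. Invalid input becomes a plain message, never a
// link, so a hostile value is not interpreted as markup or followed.
function renderRedirectLink(raw) {
  const safe = validateRedirectUrl(raw);
  if (safe === null) {
    return "<span>Server returned an invalid redirect URL</span>";
  }
  const href = escapeHtml(safe);
  return `<a href="${href}" rel="noopener noreferrer" target="_blank">${href}</a>`;
}

// Constructed sample values, as a server might return them.
for (const raw of [
  "https://auth.example.com/callback?code=abc",
  "JAVASCRIPT:alert(document.domain)",
  "data:text/html,<script>alert(1)</script>",
  "/relative/path",
]) {
  console.log(JSON.stringify(raw), "->", renderRedirectLink(raw));
}
```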
Thank you to the following researchers for their reports and contributions:
- Raymond (Veria Labs)
- Gavin Zhong (superboyzjc@gmail.com) and Shuyang Wang (swang@obsidiansecurity.com)
Tags: Fix, XSS, Code Injection
Affected Products: @Modelcontextprotocol/Inspector