PT-2025-40800 · Mcphub · Mcphub
Yu Bao
·
Published
2025-10-05
·
Updated
2025-10-10
·
CVE-2025-11287
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
samanhappy MCPHub versions up to 0.9.10
Description
A flaw exists due to improper authentication within the
handleSseConnectionfunction function located in the src/services/sseService.ts file. This issue allows for remote attacks, and a public exploit is available. The vendor was notified but did not respond.Recommendations
Versions prior to 0.9.10 should be updated. Consider temporarily disabling the
handleSseConnectionfunction function until a patch is available.Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mcphub