PT-2026-32617 · Mcphub · Mcphub

Eryk Winiarz

Published

2026-04-14

Updated

2026-05-01

CVE-2025-13822

CVSS v4.0

5.3

Medium

Vector

AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions MCPHub versions prior to 0.11.0

Description An authentication bypass exists because some endpoints are not protected by authentication middleware. This allows an unauthenticated attacker to perform actions on behalf of other users using their privileges.

Recommendations Update to version 0.11.0 or later.

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2025-13822

GHSA-9VQ7-9H42-J88H

Affected Products

Mcphub

PT-2026-32617 · Mcphub · Mcphub

CVE-2025-13822

Weakness Enumeration

Related Identifiers

Affected Products

References · 8