PT-2026-39262 · Unknown · Mcp Registry

Forimoc · Published 2026-05-08 · Updated 2026-05-15 · CVE-2026-44428

CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

MCP Registry versions prior to 1.7.6

Description

The GitHub OIDC flow, on both the client and the server side, is bound to a global audience string rather than to the specific registry instance being targeted. On the client side, the publisher always appends audience=mcp-registry when requesting the GitHub Actions ID token, regardless of the --registry URL selected. On the server side, the exchange endpoint '/v0/auth/github-oidc' validates only this fixed audience and derives publish permissions directly from the repository owner variable. Consequently, a token obtained for one registry deployment can be replayed against any other deployment that shares the same code and audience string, allowing an attacker-controlled or compromised registry to impersonate a GitHub owner identity and perform unauthorized publish or update actions.

Recommendations

Update to version 1.7.6.
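The following Go snippet is an added illustration, not code from the MCP Registry project: it places the global-audience check described above beside an instance-bound one, so that a token minted for one deployment no longer validates on another. The Claims struct, the function names and the registry URLs are hypothetical, and verification of the token's signature against GitHub's keys is assumed to have happened before these checks run.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Claims: the already signature-verified token fields used here (hypothetical struct).
type Claims struct {
	Audience        string // "aud", set from the ?audience= the client requested
	RepositoryOwner string // "repository_owner", used to derive publish rights
}

// Pre-1.7.6 logic: every deployment accepts one global string, so a token replays across all.
func vulnerableAudienceCheck(c Claims) error {
	if c.Audience != "mcp-registry" {
		return fmt.Errorf("audience mismatch")
	}
	return nil
}

// Audience a deployment expects, and what the client should send as ?audience=: its origin.
func instanceAudience(registryURL string) (string, error) {
	u, err := url.Parse(registryURL)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return "", fmt.Errorf("invalid registry URL %q", registryURL)
	}
	return strings.ToLower(u.Scheme + "://" + u.Host), nil
}

// Accepts only tokens minted for this deployment; a token for another registry is rejected.
func boundAudienceCheck(c Claims, thisRegistryURL string) error {
	want, err := instanceAudience(thisRegistryURL)
	if err != nil {
		return err
	}
	if c.Audience != want {
		return fmt.Errorf("token for %q is not bound to %s", c.Audience, want)
	}
	return nil
}

func main() {
	// Constructed sample: a token minted for registry A, then replayed against B.
	tok := Claims{Audience: "https://registry-a.example", RepositoryOwner: "victim-org"}
	fmt.Println(boundAudienceCheck(tok, "https://registry-a.example")) // <nil>
	fmt.Println(boundAudienceCheck(tok, "https://registry-b.example")) // error
}
```

Binding the audience to the deployment's own origin closes the replay path even when two deployments run identical code, because the string the client requests from GitHub is now derived from the same --registry URL it publishes to.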

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-44428
GHSA-95C3-6VVW-4MRQ

Affected Products

Mcp Registry