CVE-2025-13822

MEDIUM

Authentication bypass in MCPHub

Title source: cna

Description

MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.

References (2)

Core 2

Core References

Product product

https://github.com/samanhappy/mcphub

Third Party Advisory third-party-advisory

https://cert.pl/en/posts/2026/04/CVE-2025-13822

Scores

CVSS v3 5.3

EPSS 0.0035

EPSS Percentile 27.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (3)

MCPHub/MCPHub < 0.11.0

mcphubx/mcphub < 0.11.0

samanhappy/mcphub 0 - 0.11.0npm

Published Apr 14, 2026

Tracked Since Apr 14, 2026