CVE-2025-13822

MEDIUM

Authentication bypass in MCPHub

Title source: cna

Description

MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.

References (2)

[Product] https://github.com/samanhappy/mcphub

[Third Party Advisory] https://cert.pl/en/posts/2026/04/CVE-2025-13822

Scores

CVSS v4 5.3

EPSS 0.0005

EPSS Percentile 16.0%

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-639

Status published

Products (2)

MCPHub/MCPHub < 0.11.0

samanhappy/mcphub 0 - 0.11.0npm

Published Apr 14, 2026

Tracked Since Apr 14, 2026