Authentication bypass in MCPHub_CVE-2025-13822

5.3 / 10

MEDIUM

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Description

MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.

Basic Information

ID CVE-2025-13822

Source CERT-PL

Published Apr 14, 2026 at 10:23

Affected Product

Vendor MCPHub

Product MCPHub

Affected Versions MCPHub MCPHub 0

CWE Classification

CWE-639

References

{
    "lastseen": "",
    "description": "MCPHub in versions below\u00a00.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.",
    "published": "2026-04-14T10:23:49.910Z",
    "modified": "2026-04-14T10:23:49.910Z",
    "type": "cve",
    "title": "Authentication bypass in MCPHub",
    "source": "CERT-PL",
    "references": "https://github.com/samanhappy/mcphub\nhttps://cert.pl/en/posts/2026/04/CVE-2025-13822",
    "id": "CVE-2025-13822",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "MCPHub MCPHub 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MCPHub",
    "version": "0",
    "vendor": "MCPHub",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}