{“lastseen”:””,”description”:”The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry’s HTTP-based namespace verification (POST \/v0\/auth\/http, POST \/v0.1\/auth\/http) uses safeDialContext (internal\/api\/handlers\/v0\/auth\/http.go:67-110) to refuse dialling private\/internal addresses when fetching the well-known public-key file from a publisher-supplied domain. The blocklist (isBlockedIP, lines 125-133) relies entirely on Go stdlib’s IsLoopback \/ IsPrivate \/ IsLinkLocalUnicast \/ IsMulticast \/ IsUnspecified plus a manual CGNAT range. None of these cover IPv6 6to4 (2002::\/16), NAT64 (64:ff9b::\/96 and 64:ff9b:1::\/48 per RFC 8215), or deprecated site-local (fec0::\/10) \u2014 all of which encode arbitrary IPv4 in the address bits and tunnel to RFC1918 \/ cloud-metadata services on dual-stack \/ NAT64-enabled hosts. This vulnerability is fixed in 1.7.7.”,”published”:”2026-05-14T21:02:40.738Z”,”modified”:”2026-05-14T21:02:40.738Z”,”type”:”cve”,”title”:”MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 \/ NAT64 \/ site-local IPv6 addresses, bypassing private-address allowlist”,”source”:”GitHub_M”,”references”:”https:\/\/github.com\/modelcontextprotocol\/registry\/security\/advisories\/GHSA-r48c-v28r-pf6v”,”id”:”CVE-2026-44430″,”bulletinFamily”:””,”cwe”:[“CWE-918″],”cvelist”:null,”sourceData”:”modelcontextprotocol registry \\u003c 1.7.7″,”sourceHref”:””,”cvss”:{“score”:6.3,”severity”:”MEDIUM”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:P\/PR:N\/UI:N\/VC:N\/VI:N\/VA:N\/SC:L\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”registry”,”version”:”\\u003c 1.7.7″,”vendor”:”modelcontextprotocol”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry’s HTTP-based…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,23,12,21,13,7,11,5],"class_list":["post-54662","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-63","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n