CVE-2026-45609
7.2 HIGHmcp-security provides Security and Authorization support for Model Context Protocol in Spring AI
Published: 2026-05-29 · Last updated: 2026-06-03
Severity and scoring
- CVSS
- 7.2 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
- CWE
- CWE-918
Affected products
| Vendor | Product |
|---|---|
| springaicommunity | mcp_security |
Description
mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to the network. This only affects installations with Dynamic Client Registration (DCR) enabled This vulnerability is fixed in 0.1.9.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2025-60175 — Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions (4.4 MEDIUM)
- CVE-2026-12210 — A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0 (6.3 MEDIUM)
- CVE-2026-53827 — OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata ... (6.5 MEDIUM)
- CVE-2026-47268 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.4 MEDIUM)
- CVE-2026-46717 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (7.7 HIGH)