logo

Database

Improper authorization control for web services In @samanhappy/mcphub

Description

MCPHub has an authentication bypass MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-138222. NVD-2025-138223. OSV-2025-138224. GCVE-2025-13822

References

1. https://cert.pl/en/posts/2026/04/CVE-2025-13822

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.