CNNVD-202506-1790 Information

CNNVD ID

CNNVD-202506-1790

Related CVE

CVE-2025-49596

• CNNVD Published: 2025-06-13

Description (Chinese)

MCP Inspector是Model Context Protocol开源的一个MCP服务器的可视化测试工具。 MCP Inspector 0.14.1之前版本存在访问控制错误漏洞，该漏洞源于缺少认证，可能导致远程代码执行。

Description (English)

MCP Inspector is a visualization test tool for an MCP server from the Model Context Protocol open source. MCP Inspector 0.14.1 had an access control error gap, which stemmed from a lack of authentication and could lead to remote code execution.

Hazard Level

Low

Vulnerability Type

访问控制错误

Affected Vendor

Model Context Protocol

Published

2025-06-13

Last Modified

2026-02-24

References

https://github.com/modelcontextprotocol/inspector/commit/50df0e1ec488f3983740b4d28d2a968f12eb8979 https://github.com/modelcontextprotocol/inspector/security/advisories/GHSA-7f8r-222p-6f5g https://access.redhat.com/security/cve/cve-2025-49596

Patch

https://github.com/modelcontextprotocol/inspector/releases