CNNVD-202510-2599 Information

CNNVD ID

CNNVD-202510-2599

Related CVE

CVE-2025-6515

• CNNVD Published: 2025-10-20

Description (Chinese)

oatpp-mcp是Oat++开源的一个模型上下文协议的实现。 oatpp-mcp存在安全特征问题漏洞，该漏洞源于MCP SSE端点返回实例指针作为会话ID，可能导致会话劫持攻击。

Description (English)

oatpp-mcp is the realization of a model context protocol for the Oat++ open source. oatpp-mcp has a security feature loophole, which stems from the MCP SSE peer return instance pointer as a session ID, which could lead to a conversational hijacking attack.

Hazard Level

High

Vulnerability Type

安全特征问题

Affected Vendor

Oat++

Published

2025-10-20

Last Modified

2026-02-24

References

https://research.jfrog.com/vulnerabilities/oatpp-mcp-prompt-hijacking-jfsa-2025-001494691/ https://access.redhat.com/security/cve/cve-2025-6515