CNNVD-202512-173 Information

CNNVD ID

CNNVD-202512-173

CVE-2025-66454

  • CNNVD Published: 2025-12-02

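Description (Chinese, translated)

Arcade MCP Server Framework is an open-source MCP server framework from Arcade.dev. Versions of Arcade MCP Server Framework before 1.5.4 contain a trust management issue vulnerability. The vulnerability stems from a hard-coded default working key and may lead to bypass of the authentication layer.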

Description (English)

Arcade MCP Server Framework is an open-source MCP server framework from Arcade.dev. Versions of Arcade MCP Server Framework before 1.5.4 have a trust management issue that stems from a hard-coded default working key and could lead to bypass of the authentication layer.

Hazard Level

High

Vulnerability Type

Trust management issue

Affected Vendor

Arcade.dev

Published

2025-12-02

Last Modified

2026-02-24

References

  • https://github.com/ArcadeAI/arcade-mcp/pull/691
  • https://github.com/ArcadeAI/arcade-mcp/security/advisories/GHSA-g2jx-37x6-6438
  • https://github.com/ArcadeAI/arcade-mcp/commit/44660d18ceb220600401303df860a31ca766c817
  • https://access.redhat.com/security/cve/cve-2025-66454

Patch

https://github.com/ArcadeAI/arcade-mcp/releases
