CNNVD-202512-363 Information

CNNVD ID

CNNVD-202512-363

Related CVE

CVE-2025-64443

• CNNVD Published: 2025-12-03

Description (Chinese)

Docker MCP Gateway是美国Docker公司的一个网关服务。 Docker MCP Gateway 0.27.0及之前版本存在安全漏洞，该漏洞源于在sse或流传输模式下运行时容易受到DNS重绑定攻击，可能导致基于浏览器的MCP服务器利用。

Description (English)

Docker MCP Gateway is a gateway service for Docker in the United States. Docker MCP Gateway 0.27.0 and previous versions have a security loophole, which stems from the vulnerability to DNS re-couping when operating under ses or stream transfer mode, which may lead to the use of a browser-based MCP server.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Docker

Published

2025-12-03

Last Modified

2026-02-24

References

https://github.com/docker/mcp-gateway/commit/6b076b2479d8d1345c50c112119c62978d46858e https://github.com/docker/mcp-gateway/security/advisories/GHSA-46gc-mwh4-cc5r

Patch

https://github.com/docker/mcp-gateway/releases