CNNVD-202601-826 Information

CNNVD ID

CNNVD-202601-826

CVE-2026-0621

  • CNNVD Published: 2026-01-05

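Description (translated from Chinese)

MCP TypeScript SDK is an open-source developer toolkit from Model Context Protocol for building Model Context Protocol servers and clients. MCP TypeScript SDK versions 1.25.1 and earlier contain a security vulnerability caused by a regular expression denial of service (ReDoS) in the UriTemplate class when it processes RFC 6570 exploded array patterns, which can lead to excessive CPU consumption and denial-of-service attacks.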

Description (English)

MCP TypeScript SDK is an open-source developer toolkit from Model Context Protocol for Model Context Protocol servers and clients. MCP TypeScript SDK 1.25.1 and previous versions contain a security vulnerability stemming from a regular expression denial of service (ReDoS) in the UriTemplate class when handling RFC 6570 exploded array patterns, which may lead to excessive CPU consumption and denial-of-service attacks.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Model Context Protocol

Published

2026-01-05

Last Modified

2026-02-24

References

https://github.com/modelcontextprotocol/typescript-sdk/issues/965

https://www.vulncheck.com/advisories/mcp-typescript-sdk-uritemplate-exploded-array-pattern-redos
