CNNVD-202602-1061 Information

CNNVD ID

CNNVD-202602-1061

Related CVE

CVE-2026-1990

• CNNVD Published: 2026-02-06

Description (Chinese)

oatpp-mcp是Oat++开源的一个模型上下文协议的实现。 oatpp-mcp 1.3.1及之前版本存在代码问题漏洞，该漏洞源于对文件src/oatpp/data/type/Type.hpp中oatpp::data::type::ObjectWrapper::ObjectWrapper函数的错误操作，可能导致空指针取消引用。

Description (English)

oatpp-mcp is the realization of a model context protocol for the Oat++ open source. There is a code problem loophole in the oatpp-mcp 1.3.1 and earlier versions, which stems from the error in the src/oatpp/data/type/Type.hpp function of oatpp::data: type::ObjectWrapper:ObjectWrapper, which may lead to an empty pointer being deleted.

Hazard Level

Critical

Vulnerability Type

代码问题

Affected Vendor

Oat++

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/oatpp/oatpp/ https://github.com/oatpp/oatpp/issues/1080 https://github.com/oatpp/oatpp/issues/1080#issue-3806715350 https://vuldb.com/?ctiid.344508 https://vuldb.com/?id.344508 https://vuldb.com/?submit.743387