
CVE Reports

Originally published at cvereports.com

GHSA-vw82-7fv8-r6gp: Authorization Bypass in Obot MCP Gateway via Insecure Route Configuration

Vulnerability ID: GHSA-VW82-7FV8-R6GP
CVSS Score: 9.3
Published: 2026-05-13

An authorization bypass vulnerability in the Obot MCP Gateway allows authenticated users to access arbitrary Model Context Protocol (MCP) servers without possessing the required Access Control Rules (ACR) or ownership privileges, leading to unauthorized interaction with external tools and data sources.

TL;DR

Authenticated users can bypass access controls to connect to any registered MCP server via the /mcp-connect/{id} endpoint due to a misconfigured global allowlist in the platform's authorization routing logic.


Technical Details

  • CWE ID: CWE-285
  • Attack Vector: Network
  • CVSS Score: 9.3
  • Privileges Required: Low (Authenticated)
  • Impact Context: Changed Scope (Access to external tools/data)
  • Patch Status: Patched in v0.21.1

Affected Systems

  • Obot MCP Gateway < 0.21.1 (fixed in v0.21.1)

Mitigation Strategies

  • Upgrade Obot MCP Gateway to v0.21.1 or newer.
  • Implement WAF rules to restrict access to the /mcp-connect/ endpoint based on IP address if immediate patching is impossible.
  • Audit application logs for unauthorized connections to MCP server identifiers.
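The advisory attributes the bypass to the connect endpoint sitting on a global route allowlist, so the per-server Access Control Rules (ACR) and ownership checks were never reached. The following Go program is an added illustration written for this post, not Obot's code: it models a toy authorization layer with a global allowlist and per-server ACR, shows the weak configuration (connect prefix on the allowlist) beside the corrected one, and includes a log replay that applies the corrected policy to constructed access-log lines to surface connections the patched policy would have denied, which is the audit step above. All type names, functions, server ids, roles and log formats are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Added illustration, not Obot's code: a toy gateway authorization layer with
// a global route allowlist and per-server ACR. Every name here is hypothetical.

type User struct {
	ID    string
	Roles []string
}

type MCPServer struct {
	Owner        string   // the owner may always connect
	AllowedRoles []string // ACR: roles permitted to connect
}

type AuthzConfig struct {
	GlobalAllowlist []string             // path prefixes that skip all per-resource checks
	Servers         map[string]MCPServer // registered MCP servers keyed by id
}

const connectPrefix = "/mcp-connect/"

// Authorize reports whether u may request path and which rule decided it.
// The global allowlist is consulted first, so any prefix listed there is
// reachable by every authenticated user, bypassing ACR and ownership.
func Authorize(cfg AuthzConfig, u User, path string) (bool, string) {
	for _, p := range cfg.GlobalAllowlist {
		if strings.HasPrefix(path, p) {
			return true, "global-allowlist"
		}
	}
	if !strings.HasPrefix(path, connectPrefix) {
		return false, "no-matching-rule"
	}
	srv, ok := cfg.Servers[strings.TrimPrefix(path, connectPrefix)]
	if !ok {
		return false, "unknown-server"
	}
	if srv.Owner == u.ID {
		return true, "owner"
	}
	for _, want := range srv.AllowedRoles {
		for _, have := range u.Roles {
			if want == have {
				return true, "acr"
			}
		}
	}
	return false, "no-acr"
}

// WeakConfig models the misconfiguration class described in the advisory:
// the connect endpoint sits on the global allowlist, so the ACR branch never runs.
func WeakConfig(servers map[string]MCPServer) AuthzConfig {
	return AuthzConfig{GlobalAllowlist: []string{"/healthz", "/login", connectPrefix}, Servers: servers}
}

// FixedConfig keeps only genuinely public routes on the allowlist.
func FixedConfig(servers map[string]MCPServer) AuthzConfig {
	return AuthzConfig{GlobalAllowlist: []string{"/healthz", "/login"}, Servers: servers}
}

// SampleServers is constructed data for the demonstration.
func SampleServers() map[string]MCPServer {
	return map[string]MCPServer{
		"srv-finance": {Owner: "bob", AllowedRoles: []string{"finance"}},
		"srv-docs":    {Owner: "alice", AllowedRoles: []string{"analyst"}},
	}
}

// AuditLog replays constructed log lines of the form "user=<id> path=<path>"
// against cfg and returns the connect requests the corrected policy would deny.
func AuditLog(cfg AuthzConfig, users map[string]User, lines []string) []string {
	var flagged []string
	for _, ln := range lines {
		fields := map[string]string{}
		for _, kv := range strings.Fields(ln) {
			if parts := strings.SplitN(kv, "=", 2); len(parts) == 2 {
				fields[parts[0]] = parts[1]
			}
		}
		if !strings.HasPrefix(fields["path"], connectPrefix) {
			continue
		}
		u, known := users[fields["user"]] // unknown users get a zero User and are always flagged
		if ok, _ := Authorize(cfg, u, fields["path"]); !known || !ok {
			flagged = append(flagged, ln)
		}
	}
	return flagged
}

func main() {
	alice := User{ID: "alice", Roles: []string{"analyst"}}
	ok, rule := Authorize(WeakConfig(SampleServers()), alice, "/mcp-connect/srv-finance")
	fmt.Printf("weak config: alice -> srv-finance allowed=%v (%s)\n", ok, rule)
}
```

The point of the replay is that it uses the patched policy, not the one that was live at the time: every connection the corrected `Authorize` rejects is one that the allowlist let through and should be reviewed against the MCP server identifiers involved.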

Remediation Steps

  1. Identify the currently deployed version of the Obot MCP Gateway.
  2. Download the v0.21.1 release from the official obot-platform GitHub repository.
  3. Deploy the updated application binary or container image into the production environment.
  4. Verify deployment success by confirming the application version and testing authorized and unauthorized access to an MCP server instance.

