CVE Reports

Originally published at cvereports.com

GHSA-WF8Q-WVV8-P8JF: Unauthenticated User Impersonation in MCPHub SSE Endpoint

Vulnerability ID: GHSA-WF8Q-WVV8-P8JF
CVSS Score: 4.7
Published: 2026-05-14

The @samanhappy/mcphub package before version 0.12.15 contains a critical improper authentication vulnerability within its Server-Sent Events (SSE) transport layer. The application blindly trusts the username provided in the URL path parameter to establish user context and session state without requiring cryptographic verification or authentication tokens. This architectural flaw allows unauthenticated remote attackers to impersonate any user, establish a valid session, and execute arbitrary Model Context Protocol (MCP) tools within the victim's authorization context.

TL;DR

An authentication bypass in MCPHub allows unauthenticated attackers to impersonate any user by specifying a target username in the SSE endpoint URL, granting unauthorized execution of administrative AI tools.


⚠️ Exploit Status: POC

Technical Details

  • Vulnerability Type: Improper Authentication
  • CWE ID: CWE-287, CWE-285
  • Attack Vector: Network
  • Authentication Required: None
  • CVSS Score: 4.7 (Medium)
  • Affected Component: SSE Endpoint Routing / userContext Middleware
  • Impact: Unauthorized execution of MCP tools / User Impersonation

Affected Systems

  • @samanhappy/mcphub (npm package)
  • Model Context Protocol (MCP) servers managed by vulnerable hub instances
  • @samanhappy/mcphub: < 0.12.15 (Fixed in: 0.12.15)

Code Analysis

Commit: 3fb39f0

Fix user context extraction and Bearer Auth validation logic.

Mitigation Strategies

  • Upgrade the package to a patched version
  • Enable Bearer Authentication with strong keys
  • Implement network isolation and restrict external access

Remediation Steps:

  1. Update @samanhappy/mcphub to version 0.12.15 via npm.
  2. Review the application configuration file.
  3. Set enableBearerAuth to true.
  4. Generate and deploy strong, unique API keys for all clients.
  5. Restrict network access to the MCPHub service port (e.g., 3000) using firewalls or security groups.
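
The sketch below is an added example, not code from MCPHub or from commit 3fb39f0. It contrasts the flawed pattern described above (identity taken from the URL path) with a hardened one in which identity comes only from a verified Bearer key. The `/<user>/sse` route shape, the key store, and all function names are assumptions made for illustration.

```javascript
// Added illustration, not MCPHub source. The "/<user>/sse" route shape, the
// key store and every function name here are assumptions for this example.
const crypto = require("node:crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest();

// Constructed sample key store: SHA-256 of each API key, plus its owner.
const KEYS = [
  { user: "alice", digest: sha256("constructed-key-for-alice") },
  { user: "admin", digest: sha256("constructed-key-for-admin") },
];

// Username segment of a hypothetical "/<user>/sse" path, or null.
function userFromPath(path) {
  const m = /^\/([A-Za-z0-9_.-]+)\/sse$/.exec(path);
  return m ? m[1] : null;
}

// Flawed pattern: whoever is named in the URL becomes the session user.
function resolveUserInsecure(req) {
  return userFromPath(req.path);
}

// Hardened pattern: the credential decides who the caller is; the path
// segment is only permitted to agree with it.
function resolveUserHardened(req) {
  const m = /^Bearer (\S+)$/.exec(req.headers.authorization || "");
  if (!m) return { status: 401, user: null };

  // Compare fixed-length digests in constant time and scan every entry,
  // so response timing does not reveal which key (if any) matched.
  const presented = sha256(m[1]);
  let owner = null;
  for (const k of KEYS) {
    if (crypto.timingSafeEqual(presented, k.digest)) owner = k.user;
  }
  if (owner === null) return { status: 401, user: null };

  // A valid key for one user must not open another user's endpoint.
  if (userFromPath(req.path) !== owner) return { status: 403, user: null };
  return { status: 200, user: owner };
}
```

The 403 branch is the case worth testing after upgrading: a valid key belonging to one user presented on another user's path must be rejected, not silently mapped to the path's user.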
