CVE-2025-13822

UNKNOWN 0.0

Authentication bypass in MCPHub

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

13th

MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.

CWE	CWE-639
Vendor	mcphub
Product	mcphub
Published	Apr 14, 2026
Last Updated	Apr 14, 2026

Stay Ahead of the Next One

Get instant alerts for mcphub mcphub

Be the first to know when new unknown vulnerabilities affecting mcphub mcphub are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

MCPHub / MCPHub

0 < 0.11.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/samanhappy/mcphub cert.pl: https://cert.pl/en/posts/2026/04/CVE-2025-13822

Credits

Eryk Winiarz