Auth bypass in Modelcontextprotocol Inspector

CVE-2025-49596

The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unau…

Vulnerability class: Broken Authentication

EPSS: 0.026 (85.8th percentile).

Frequently asked questions

What is CVE-2025-49596?
CVE-2025-49596 is a vulnerability in Modelcontextprotocol Inspector, classified under Missing Authentication for Critical Function. Published 2025-06-13.
Is CVE-2025-49596 known to be exploited?
25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.