Modelcontextprotocol Registry
5 CVEs affecting Modelcontextprotocol Registry. Latest disclosed: 2026-05-14. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-44429 | Medium | 5.4 | 2026-05-14 | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / (f… |
CVE-2026-44428 | Medium | 4.7 | 2026-05-14 | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OID… |
CVE-2026-44430 | Medium | 4.0 | 2026-05-14 | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the Registry's HTTP-based namespace verifi… |
CVE-2026-45781 | Low | 3.5 | 2026-05-14 | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match… |
CVE-2026-44427 | | 2026-05-14 | The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in intern… |