Mcp Typescript Sdk
Approved changes feed: RSS · Atom
cpe:2.3:a:anthropic:mcp_typescript_sdk:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Anthropic (3238ad0c-ea15-566c-999a-9410b8abc1cf) |
|---|---|
| Product | Mcp Typescript Sdk (394d1199-3d27-5b96-8f78-4f8245ab631c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-0621 |
vulnerable | 2026-06-08 07:47:12.754676 |
MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS
Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS) vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested quantifiers that can trigger catastrophic backtracking on specially crafted inputs, resulting in excessive CPU consumption. An attacker can exploit this by supplying a malicious URI that causes the Node.js process to become unresponsive, leading to a denial of service.
Published: 2026-01-05T20:57:14.515Z
Updated: 2026-03-05T01:30:05.626Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.