Mcp Ruby Sdk
Approved changes feed: RSS · Atom
cpe:2.3:a:lfprojects:mcp_ruby_sdk:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Lfprojects (4544abc5-133d-544b-9bd5-895c4c487a16) |
|---|---|
| Product | Mcp Ruby Sdk (4ed4910c-bddf-5298-83e1-5c4bf27e3a5e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-33946 |
vulnerable | 2026-06-03 15:22:08.746405 |
MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay
MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamable_http_transport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events (SSE) stream and intercept all real-time data. Version 0.9.2 contains a patch.
Published: 2026-03-27T21:20:07.900Z
Updated: 2026-03-30T18:42:43.387Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.