GHSA-vw82-7fv8-r6gp: Authorization Bypass in Obot MCP Gateway via Insecure Route Configuration

DEV Community·CVE Reports·19 days ago

Vulnerability ID: GHSA-VW82-7FV8-R6GP
CVSS Score: 9.3
Published: 2026-05-13

An authorization bypass vulnerability in the Obot MCP Gateway allows authenticated users to access arbitrary Model Context Protocol (MCP) servers without possessing the required Access Control Rules (ACR) or ownership privileges, leading to unauthorized interaction with external tools and data sources.

TL;DR

Authenticated users can bypass access controls to connect to any registered MCP server via the /mcp-connect/{id} endpoint due to a misconfigured global allowlist in the platform's authorization routing logic.…
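The failure mode described in the TL;DR, as an added example that is not Obot's code: a route-level allowlist that admits every authenticated user to the connect path, beside a check that resolves the server ID and requires ownership or a granting rule. The types, function names and sample registry are hypothetical and constructed for illustration; only the /mcp-connect/{id} route comes from the advisory.

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical model: none of these names come from Obot's code base.
type User struct {
	ID            string
	Authenticated bool
}

type Server struct {
	Owner   string
	Allowed map[string]bool // users granted access by an access control rule
}

// Constructed sample registry: alice owns the server, carol has a rule.
var servers = map[string]Server{
	"srv-alice": {Owner: "alice", Allowed: map[string]bool{"carol": true}},
}

const connectPrefix = "/mcp-connect/"
// Weak form: the prefix is allowlisted for all authenticated users, so {id} is never checked.
var globalAllow = []string{connectPrefix}

func authorizeWeak(u User, path string) bool {
	for _, p := range globalAllow {
		if u.Authenticated && strings.HasPrefix(path, p) {
			return true
		}
	}
	return false
}

// Corrected form: resolve {id} and require ownership or a matching rule.
func authorizeStrict(u User, path string) bool {
	if !u.Authenticated || !strings.HasPrefix(path, connectPrefix) {
		return false
	}
	s, found := servers[strings.TrimPrefix(path, connectPrefix)]
	return found && (s.Owner == u.ID || s.Allowed[u.ID])
}

func main() {
	bob := User{ID: "bob", Authenticated: true}
	fmt.Println(authorizeWeak(bob, connectPrefix+"srv-alice"), authorizeStrict(bob, connectPrefix+"srv-alice"))
}
```

A regression test for this class of bug asserts that a user with neither ownership nor a rule is denied on every ID-bearing route, not only that unauthenticated requests are rejected.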
