Authentication Bypass Vulnerability in MCPHub by SamanHappy
CVE-2025-13822

5.3MEDIUM

Key Information:

Vendor: Mcphub
Status: Mcphub
Vendor: CVE Published:; 14 April 2026

What is CVE-2025-13822?

MCPHub versions prior to 0.11.0 contain an authentication bypass vulnerability that exposes certain endpoints to unauthorized access. The lack of proper authentication middleware permits an unauthenticated attacker to invoke actions on behalf of other users, effectively leveraging their privileges without consent. This flaw can severely compromise user data and system integrity, underscoring the necessity for timely updates and security measures to mitigate risks associated with unauthorized access.

Affected Version(s)

MCPHub 0 < 0.11.0

References

https://github.com/samanhappy/mcphub

product

https://cert.pl/en/posts/2026/04/CVE-2025-13822

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Dec 1, 2025

Credit

Eryk Winiarz

CVE-2025-13822 Data

JSON

Mcphub

What is CVE-2025-13822?

Affected Version(s)

References

CVSS V4

Timeline

Credit