CVE-2026-45609

springaicommunity / mcp_security

Description

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying whether the targets are malicious or internal to the network. This only affects installations with Dynamic Client Registration (DCR) enabled. This vulnerability is fixed in 0.1.9.

Scoring

CVSS: 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
EPSS: 0.20% probability of exploitation · percentile 9.6% · 2026-06-19T12:03:05Z
Last modified: 2026-06-03

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-22742
CVE-2025-66416
CVE-2026-34237
CVE-2026-39974
CVE-2026-27826
CVE-2026-44694

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.