Описание
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
Impact
A ReDoS vulnerability in the UriTemplate class allows attackers to cause denial of service. The partToRegExp() function generates a regex pattern with nested quantifiers (([^/]+(?:,[^/]+)*)) for exploded template variables (e.g., {/id*}, {?tags*}), causing catastrophic backtracking on malicious input.
Who is affected: MCP servers that register resource templates with exploded array patterns and accept requests from untrusted clients.
Attack result: An attacker sends a crafted URI via resources/read request, causing 100% CPU utilization, server hang/crash, and denial of service for all clients.
Affected Versions
All versions of @modelcontextprotocol/sdk prior to the patched release.
Patches
v1.25.2 contains b392f02ffcf37c088dbd114fedf25026ec3913d3 the fix modifies the regex pattern to prevent backtracking.
Workarounds
- Avoid using exploded patterns (
{/id*},{?tags*}) in resource templates - Implement request timeouts and rate limiting
- Validate URIs before processing to reject suspicious patterns
Ссылки
- https://github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-cqwc-fm46-7fff
- https://nvd.nist.gov/vuln/detail/CVE-2026-0621
- https://github.com/modelcontextprotocol/typescript-sdk/issues/965
- https://github.com/modelcontextprotocol/typescript-sdk/commit/b392f02ffcf37c088dbd114fedf25026ec3913d3
- https://github.com/modelcontextprotocol/typescript-sdk/releases/tag/v1.25.2
- https://www.vulncheck.com/advisories/mcp-typescript-sdk-uritemplate-exploded-array-pattern-redos
Пакеты
@modelcontextprotocol/sdk
< 1.25.2
1.25.2
Связанные уязвимости
Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS) vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested quantifiers that can trigger catastrophic backtracking on specially crafted inputs, resulting in excessive CPU consumption. An attacker can exploit this by supplying a malicious URI that causes the Node.js process to become unresponsive, leading to a denial of service.