8.7

CVSS Score

4.0

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2026-0621

CVE-2026-0621: MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS

Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS) vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested quantifiers that can trigger catastrophic backtracking on specially crafted inputs, resulting in excessive CPU consumption. An attacker can exploit this by supplying a malicious URI that causes the Node.js process to become unresponsive, leading to a denial of service.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2026-0621

CVE-2026-0621:

8.7

CVSS Score

4.0

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
@modelcontextprotocol/sdk	npm	< 1.25.2	1.25.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a Regular Expression Denial of Service (ReDoS) within the UriTemplate class of the @modelcontextprotocol/sdk. The analysis of the provided patch commit b392f02ffcf37c088dbd114fedf25026ec3913d3 reveals the root cause. The function UriTemplate.partToRegExp was responsible for generating a regex pattern to parse URI templates. For exploded variables (like {id*}), it created the pattern ([^/]+(?:,[^/]+)*), which contains nested quantifiers. This pattern is subject to catastrophic backtracking.

The patch corrects this by changing the pattern to ([^/,]+(?:,[^/,]+)*), which makes the inner character set [^/,] mutually exclusive with the delimiter ,, thus preventing the backtracking issue. The UriTemplate.match function is the consumer of this vulnerable regex. The test cases added in the patch confirm that calling template.match() with a crafted string (e.g., a long sequence of commas) triggers the vulnerability, causing the function to hang. Therefore, both partToRegExp (which creates the bad regex) and match (which executes it) are the key functions related to this vulnerability.

Vulnerable functions

UriTemplate.partToRegExp

src/shared/uriTemplate.ts

This function constructs a regular expression for a URI template part. The original code created a regex with nested quantifiers `([^/]+(?:,[^/]+)*)` for exploded variables. This pattern is vulnerable to ReDoS (Regular Expression Denial of Service) because it can cause catastrophic backtracking when matching against a string with many commas but no slashes, leading to excessive CPU usage and service denial.

UriTemplate.match

src/shared/uriTemplate.ts

This function uses the vulnerable regular expression generated by `partToRegExp` to match against a provided URI. While the code for `match` itself was not changed, the new test cases added in the patch demonstrate that calling this function with a malicious payload is how the ReDoS vulnerability is triggered. During an exploit, this function would be the one to hang, consuming 100% CPU as it executes the flawed regex.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

8.7

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2026-0621: MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS

CVE-2026-0621:

8.7

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2026-0621: MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS

Technical Details

8.7

8.7

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI