Description
Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS) vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested quantifiers that can trigger catastrophic backtracking on specially crafted inputs, resulting in excessive CPU consumption. An attacker can exploit this by supplying a malicious URI that causes the Node.js process to become unresponsive, leading to a denial of service.
Published: 2026-01-05
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via ReDoS
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a regular expression denial of service in the UriTemplate class of the Anthropic MCP TypeScript SDK. When processing RFC 6570 exploded array patterns, the SDK builds a dynamic regular expression that contains nested quantifiers. An attacker can craft a URI containing a large exploded array pattern that forces catastrophic backtracking, exhausting CPU resources and rendering the Node.js process unresponsive. The impact is a denial of service aimed at disrupting application availability.

Affected Systems

Anthropic’s MCP TypeScript SDK versions up to and including 1.25.1 are affected. The SDK is typically used in Node.js environments to resolve or match URIs against templates. Any deployment that integrates these SDK versions, regardless of the specific application, is vulnerable if it processes user‑supplied URIs containing exploded array patterns.

Risk and Exploitability

The CVSS score is 8.7, indicating a high severity. The EPSS score is less than 1%, showing a low probability of exploitation at present, and the vulnerability is not listed in CISA’s KEV catalog. The attack requires only the ability to supply a crafted URI—no authentication or privileged access is necessary—making the exploit path straightforward for remote users who can invoke the affected SDK functionality. The primary vector is remote, via HTTP requests or any API surface that forwards URIs to the SDK for matching.

Generated by OpenCVE AI on April 18, 2026 at 08:18 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade the MCP TypeScript SDK to the latest version released by Anthropic, which includes the vulnerability fix.
  • Validate or sanitize incoming URIs to reject or normalize exploded array patterns before they reach the UriTemplate class, thereby preventing catastrophic backtracking.
  • Implement application‑level resource limits, such as CPU throttling or process isolation for the Node.js runtime, to mitigate the impact should any denial‑of‑service attempt occur.

Generated by OpenCVE AI on April 18, 2026 at 08:18 UTC.
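The second recommended action above, bounding a URI before it reaches the template matcher, as an added example; this is not code from the MCP SDK, the advisory or OpenCVE. The size limits and the `demoTemplate` stand-in for the SDK's `UriTemplate` are assumptions chosen for illustration.

```javascript
// Added example, not SDK code. Bounds what reaches UriTemplate.match() so a
// nested-quantifier regex only ever sees a small search space to backtrack over.
// All three limits are illustrative assumptions, not values from the advisory.
const MAX_URI_LENGTH = 2048;  // total URI length
const MAX_LIST_VALUES = 32;   // values in any one exploded list
const MAX_VALUE_LENGTH = 256; // length of a single list value

// RFC 6570 exploded lists ({var*}) expand to delimiter-separated values: ","
// for simple/reserved expansion, "/" for path segments, ";" "?" "&" for
// parameters. Split on the structural delimiters, then on "," to find the
// longest comma list and the longest single value.
function longestListValue(uri) {
  let values = 0;
  let longest = 0;
  for (const part of uri.split(/[\/;?&#]/)) {
    const items = part.split(',');
    if (items.length > values) values = items.length;
    for (const v of items) if (v.length > longest) longest = v.length;
  }
  return { values, longest };
}

// Returns { ok, reason }; a rejected URI must never be handed to the matcher.
function preflightUri(uri) {
  if (typeof uri !== 'string') return { ok: false, reason: 'not a string' };
  if (uri.length > MAX_URI_LENGTH) return { ok: false, reason: 'uri too long' };
  const { values, longest } = longestListValue(uri);
  if (values > MAX_LIST_VALUES) return { ok: false, reason: 'too many list values' };
  if (longest > MAX_VALUE_LENGTH) return { ok: false, reason: 'list value too long' };
  return { ok: true, reason: '' };
}

// Wraps any object with a match(uri) method (the SDK's UriTemplate is assumed
// to fit this shape). Rejected input yields null, the same as a non-match.
function guardedMatch(template, uri) {
  const check = preflightUri(uri);
  if (!check.ok) return null;
  return template.match(uri);
}

// Constructed stand-in for a template matcher, so the example runs offline;
// in a real deployment this is the SDK's UriTemplate instance.
const demoTemplate = {
  match: (uri) => (uri.startsWith('file:///') ? { path: uri.slice(8) } : null),
};

module.exports = { preflightUri, guardedMatch, demoTemplate };
```

Log the `reason` of every rejection: a burst of `too many list values` rejections from one client is the detection signal for an attempted ReDoS against this surface.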


Advisories

  • Source: GitHub GHSA
    ID: GHSA-8r9q-7v3j-jr4g
    Title: Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
History

Fri, 30 Jan 2026 01:30:00 +0000

  • First Time appeared. Values added: Lfprojects; Lfprojects mcp Typescript Sdk
  • CPEs. Values added: cpe:2.3:a:lfprojects:mcp_typescript_sdk:*:*:*:*:*:*:*:*
  • Vendors & Products. Values added: Lfprojects; Lfprojects mcp Typescript Sdk
  • Metrics. Values added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Tue, 06 Jan 2026 14:30:00 +0000

  • First Time appeared. Values added: Anthropic; Anthropic mcp Typescript Sdk
  • Vendors & Products. Values added: Anthropic; Anthropic mcp Typescript Sdk

Tue, 06 Jan 2026 00:15:00 +0000

  • Metrics. Values added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 05 Jan 2026 21:00:00 +0000

  • Description. Values added: Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS) vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested quantifiers that can trigger catastrophic backtracking on specially crafted inputs, resulting in excessive CPU consumption. An attacker can exploit this by supplying a malicious URI that causes the Node.js process to become unresponsive, leading to a denial of service.
  • Title. Values added: MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS
  • Weaknesses. Values added: CWE-1333
  • References (values not listed on this page)
  • Metrics. Values added: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-05T01:30:05.626Z

Reserved: 2026-01-05T19:41:59.356Z

Link: CVE-2026-0621

Vulnrichment

Updated: 2026-01-05T21:07:49.707Z

NVD

Status: Analyzed

Published: 2026-01-05T21:16:14.533

Modified: 2026-01-30T01:16:59.120

Link: CVE-2026-0621

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T08:30:35Z

Weaknesses