Description
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path (e.g., //evil.com/) that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an absolute URL to an external domain. This vulnerability is fixed in 1.7.5.
Published: 2026-05-14
Score: 0 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The MCP Registry’s TrailingSlashMiddleware in internal/api/server.go can alter a protocol‑relative URL, turning a string such as //evil.com/ into a Location header of //evil.com after trailing‑slash removal. Browsers interpret this as an absolute URL to an external domain, allowing an attacker to redirect users to a malicious site while presenting it as a legitimate MCP server. This flaw requires no authentication and can be triggered simply by visiting a crafted link.

Affected Systems

The affected product is MCP Registry by modelcontextprotocol, with versions 1.1.0 through 1.7.4 susceptible to the vulnerability. The fix is incorporated beginning with version 1.7.5.

Risk and Exploitability

Because the flaw is an open redirect, its exploitation is low effort and relies on user interaction. The EPSS score is not published, and the vulnerability is not listed in CISA’s KEV catalog, but the potential for phishing remains significant. Applying the 1.7.5 update removes the redirect bug; no additional access privileges are required for exploitation.

Generated by OpenCVE AI on May 14, 2026 at 22:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update MCP Registry to version 1.7.5 or later, ensuring the TrailingSlashMiddleware has been patched or removed.
  • Verify that the server no longer appends or manipulates trailing slashes in Location headers for external redirects.
  • Configure network or application layers to reject protocol-relative URLs or enforce strict domain validation for redirection targets.
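
The redirect-target validation recommended above, sketched in Go as an added example; it is not the MCP Registry's code or its 1.7.5 patch. The middleware shape and the names `naiveTarget`, `safeTarget`, `trailingSlash` and `probe` are hypothetical, and the request paths are constructed samples.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// naiveTarget is the flawed pattern (hypothetical reconstruction): strip one slash, redirect.
func naiveTarget(p string) (string, bool) { return strings.TrimSuffix(p, "/"), true }

// safeTarget strips trailing slashes and accepts the result only when a browser
// will resolve it as a path on the same origin.
func safeTarget(p string) (string, bool) {
	t := strings.TrimRight(p, "/")
	if len(t) < 2 || t[0] != '/' || t[1] == '/' || t[1] == '\\' {
		return "", false // empty, relative, "//host", or "/\host" (browsers read "\" as "/")
	}
	return (&url.URL{Path: t}).EscapedPath(), true // percent-encode the header value
}

// trailingSlash redirects "/x/" to "/x", but only when target approves the destination.
func trailingSlash(target func(string) (string, bool), next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if p := r.URL.Path; p != "/" && strings.HasSuffix(p, "/") {
			if loc, ok := target(p); ok {
				w.Header().Set("Location", loc)
				w.WriteHeader(http.StatusPermanentRedirect)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// probe runs one constructed request path through the middleware: status and Location.
func probe(target func(string) (string, bool), p string) (int, string) {
	rec := httptest.NewRecorder()
	req := &http.Request{Method: "GET", URL: &url.URL{Path: p}}
	trailingSlash(target, http.NotFoundHandler()).ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	for _, p := range []string{"/v0/servers/", "//evil.com/", "/\\evil.com/"} {
		fmt.Println(p, fmt.Sprint(probe(naiveTarget, p)), fmt.Sprint(probe(safeTarget, p)))
	}
}
```

Running `probe` against a deployed handler's equivalent paths is a quick post-upgrade check: a protocol-relative request should never come back with a `Location` that starts with `//`.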

Advisories
Source ID Title
Github GHSA GHSA-v8vw-gw5j-w7m6 MCP Registry has open redirect via protocol-relative path in trailing-slash middleware
History

Fri, 15 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 May 2026 21:45:00 +0000

Type Values Removed Values Added
Description The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. From 1.1.0 to 1.7.4, the TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path (e.g., //evil.com/) that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an absolute URL to an external domain. This vulnerability is fixed in 1.7.5.
Title MCP Registry: Open Redirect
Weaknesses CWE-601
References
Metrics cvssV4_0

{'score': 0, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T13:33:16.949Z

Reserved: 2026-05-06T14:40:00.953Z

Link: CVE-2026-44427

Vulnrichment

Updated: 2026-05-15T13:33:00.617Z

NVD

Status: Deferred

Published: 2026-05-14T22:16:44.450

Modified: 2026-05-15T15:16:52.670

Link: CVE-2026-44427

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T22:30:25Z

Weaknesses