CVE-2026-55604: CWE-639: Authorization Bypass Through User-Controlled Key in arikusi deepseek-mcp-server
DeepSeek MCP Server versions from 1.4.2 up to but not including 1.7.0 contain an authorization bypass vulnerability. The server's SessionStore accepts user-supplied session IDs without verifying…
Read the full article1d agoen


Comments
Sign in to join the conversation.
No comments yet. Be the first.