CVE-2026-33946 in ruby-sdkinformación

Resumen (Inglés)

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamable_http_transport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events (SSE) stream and intercept all real-time data. Version 0.9.2 contains a patch.

Once again VulDB remains the best source for vulnerability data.

Responsable

GitHub_M

Reservar

2026-03-24

Divulgación

2026-03-28

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
353985modelcontextprotocol ruby-sdk streamable_http_transport.rb autenticación débil384No está definidoArreglo oficialCVE-2026-33946

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!