CVE-2026-44427
MCP Registry has open redirect via protocol-relative path in trailing-slash middleware
Description
### Summary The TrailingSlashMiddleware in internal/api/server.go is vulnerable to an open redirect attack. An attacker can craft a URL with a protocol-relative path (e.g., //evil.com/) that, after trailing slash removal, results in a Location header of //evil.com — which browsers interpret as an absolute URL to an external domain. ### Details The TrailingSlashMiddleware strips trailing slashes from request paths and issues a 308 Permanent Redirect to the cleaned path. However, it does not validate or sanitize the resulting path before using it as the redirect target. When a request is made with a path like //evil.com/, the middleware processes it as follows: ### PoC 1. Start the registry server locally or identify a deployed instance 2. Send a request with a double-slash path followed by an external domain: `curl -v https://<registry-host>//evil.com/` <img width="3066" height="969" alt="image" src="https://github.com/user-attachments/assets/a5305f00-29bf-4708-952a-478d608f2074" /> 3. Observe the 308 Permanent Redirect response with Location: //evil.com: 4. When accessed in a browser, the user is redirected to https://evil.com ### Impact **Phishing**: Attackers can abuse the trusted registry domain to redirect users to credential-harvesting pages **Malware distribution**: Redirect users to sites serving malicious downloads **Trust abuse:** Links originating from the official MCP Registry domain carry implicit trust
How to fix CVE-2026-44427
To remediate CVE-2026-44427, upgrade the affected package to a fixed version below.
- —upgrade to 1.7.5 or later
Is CVE-2026-44427 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.1.0, < 1.7.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P |