MCP Registry UI Vulnerable to Stored XSS Attack

By PulseAugur Editorial · Summary by gemini-2.5-flash-lite from 1 source

A stored cross-site scripting (XSS) vulnerability has been identified in the MCP Registry Catalogue UI, specifically affecting versions prior to v1.7.7. The vulnerability resides in the "websiteUrl" field of published entries. Successful exploitation could allow malicious payloads to execute within the registry interface. AI

Summary written by gemini-2.5-flash-lite from 1 source. How we write summaries →

IMPACT Potential security risk for users interacting with the MCP Registry Catalogue UI.

RANK_REASON Identifies a specific software vulnerability (CVE) in a UI component.

Read on Medium — MCP tag →

safety
other

MCP Registry UI Vulnerable to Stored XSS Attack

COVERAGE [1]

Medium — MCP tag TIER_1 · Yusufhan Saçak · 2026-05-09 08:14

CVE-2026–44429: Stored XSS on the MCP Registry Catalogue UI

<div class="medium-feed-item"><p class="medium-feed-image"><a href="https://yusufhansacak.medium.com/cve-2026-44429-stored-xss-on-the-mcp-registry-catalogue-ui-876406bf6716?source=rss------mcp-5"><img src="https://cdn-images-1.medium.com/max/1200/1*ou7kYkmx5J7CT5iMSI8d4Q.png" wid…

COVERAGE [1]

CVE-2026–44429: Stored XSS on the MCP Registry Catalogue UI

RELATED TOPICS