CVE-2026-55605

Source
https://cve.org/CVERecord?id=CVE-2026-55605
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55605.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-55605
Aliases
  • GHSA-72f3-6w86-7rv3
Published
2026-07-09T21:10:53.882Z
Modified
2026-07-15T01:48:58.030706332Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
@arikusi/deepseek-mcp-server Missing Authentication on Self-Hosted HTTP MCP Endpoint
Details

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards the route, so any network-reachable client can issue an unauthenticated initialize request and obtain a valid MCP session identifier. In reproduced testing against commit 5e1302171e99, an unauthenticated client was able to initialize a session, enumerate tools, and invoke the local deepseek_sessions tool with no credentials. The same unauthenticated session also exposes deepseek_chat, whose handler uses the server-side DEEPSEEK_API_KEY when self-hosted deployments configure one. This issue applies to self-hosted HTTP mode, not the separately documented hosted BYOK endpoint in README.md, which expects an Authorization: Bearer ... header. Upstream self-hosted container assets enable HTTP mode by default (Dockerfile) and publish port 3000 (docker-compose.yml). Version 1.8.0 contains a patch for this issue.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-306"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55605.json"
}
References

Affected packages

Git / github.com/arikusi/deepseek-mcp-server

Affected ranges

Type
GIT
Repo
https://github.com/arikusi/deepseek-mcp-server
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "1.4.2"
        },
        {
            "fixed": "1.8.0"
        }
    ]
}

Affected versions

v1.*
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.7.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55605.json"