PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55605 arikusi CVE debrief

CVE-2026-55605 is a vulnerability in DeepSeek MCP Server versions 1.4.2 to 1.7.0. The self-hosted HTTP transport exposes the `POST /mcp` endpoint without authentication, allowing clients to initialize a session and enumerate tools. The issue was patched in version 1.8.0. This vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. Users of DeepSeek MCP Server in self-hosted HTTP mode, especially those with the `DEEPSEEK_API_KEY` configured, should verify their deployments and update to version 1.8.0 or later.

Vendor
arikusi
Product
deepseek-mcp-server
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-09
Original CVE updated
2026-07-10
Advisory published
2026-07-09
Advisory updated
2026-07-10

Who should care

Users of DeepSeek MCP Server in self-hosted HTTP mode, especially those with the `DEEPSEEK_API_KEY` configured, should verify their deployments and update to version 1.8.0 or later. Operators, platform administrators, vulnerability management teams, and security teams should review the vulnerability and take necessary actions to protect their systems.

Technical summary

The `createMcpExpressApp` function is called without an `authProvider`, leaving the `POST /mcp` endpoint unguarded. An unauthenticated client can initialize a session, enumerate tools, and invoke the `deepseek_sessions` tool. This vulnerability in DeepSeek MCP Server versions 1.4.2 to 1.7.0 allows unauthorized access, potentially leading to sensitive information disclosure or further exploitation. The issue is specific to self-hosted HTTP mode and does not affect the hosted BYOK endpoint. Users should verify their deployments, especially those with the `DEEPSEEK_API_KEY` configured, and update to version 1.8.0 or later. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM, indicating medium defensive priority.

Defensive priority

Medium

Recommended defensive actions

  • Verify and update DeepSeek MCP Server to version 1.8.0 or later
  • Review and restrict access to the `POST /mcp` endpoint
  • Monitor for unauthorized session initializations
  • Consider implementing additional authentication mechanisms
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-09T22:17:06.400Z and last modified on 2026-07-10T14:16:53.790Z. The NVD entry is currently MEDIUM. Evidence from the CVE record and NVD entry indicates that DeepSeek MCP Server versions 1.4.2 to 1.7.0 are affected. The self-hosted HTTP transport exposes the `POST /mcp` endpoint without authentication, allowing clients to initialize a session and enumerate tools. The issue was patched in version 1.8.0. Defenders should verify their deployments and update to version 1.8.0 or later.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-09T22:17:06.400Z and has not been modified since then. The NVD entry is currently MEDIUM.