MEDIUM
arikusi
CVE published 2026-07-09
CVE-2026-55605
CVE-2026-55605 is a vulnerability in DeepSeek MCP Server versions 1.4.2 to 1.7.0. The self-hosted HTTP transport exposes the `POST /mcp` endpoint without authentication, allowing clients to initialize a session and enumerate tools. The issue was patched in version 1.8.0. This vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. Users of DeepSeek MCP Server in self-hosted HTTP mode, especially t [truncated]