CVE-2026-44428: MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience
Because every registry deployment accepts GitHub OIDC tokens bearing the same audience, an attacker-controlled or compromised registry deployment can replay a token it received to mint a valid registry JWT on another deployment and inherit publish permissions for the victim GitHub owner namespace. In practical terms, this enables unauthorized publication or update actions for names such as io.github.<owner>/* on the victim registry instance.
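To make the audience binding concrete, the following is an added example (not the registry's own code) of the verifier-side check: a deployment configured with an audience shared by all deployments accepts a token minted for a different deployment, while a per-deployment audience rejects it. It assumes a GitHub-issued token carrying iss, aud and sub claims, uses an HS256 stand-in signature with a constructed key so it runs offline without GitHub's JWKS, and the audience strings are assumptions.

```python
"""Audience check for GitHub Actions OIDC tokens, as exchanged for registry JWTs.
Constructed example: HS256 with a local key stands in for GitHub's RS256 signing
so the check runs offline without fetching GitHub's JWKS."""
import base64
import hashlib
import hmac
import json

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(key: bytes, aud: str, sub: str) -> str:
    """Build a constructed token with the given audience (assumed claim shape)."""
    header = _b64(b'{"alg":"HS256"}')
    payload = _b64(json.dumps({"iss": GITHUB_ISSUER, "aud": aud, "sub": sub}).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64(sig)}"


def verify_token(token: str, key: bytes, expected_aud: str) -> dict:
    """Verify signature and issuer, then require aud to match this deployment's own audience.
    Giving every deployment the same expected_aud (e.g. "mcp-registry") reproduces the
    replayable setup: a token minted for deployment A verifies at B. A per-deployment
    audience (e.g. the deployment's URL) is the mitigation."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    expected_sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected_sig):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(payload))
    if claims.get("iss") != GITHUB_ISSUER:
        raise ValueError("unexpected issuer")
    # GitHub may emit aud as a string or a list; accept only an exact match for this deployment.
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch: token was not minted for this deployment")
    return claims
```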
References
- github.com/advisories/GHSA-95c3-6vvw-4mrq
- github.com/modelcontextprotocol/registry
- github.com/modelcontextprotocol/registry/commit/3f89fc2b1fb34fd49f3c0e1b39e964a5c67b613f
- github.com/modelcontextprotocol/registry/pull/1229
- github.com/modelcontextprotocol/registry/releases/tag/v1.7.6
- github.com/modelcontextprotocol/registry/security/advisories/GHSA-95c3-6vvw-4mrq
- nvd.nist.gov/vuln/detail/CVE-2026-44428