GHSA-vw82-7fv8-r6gp: Obot has an authorization bypass in /mcp-connect/{id} that allows any authenticated user to use any registered MCP server

May 13, 2026

If you have the MCP Server ID, you can connect to the MCP server even if you don’t have permissions to the server.

The MCP gateway endpoint /mcp-connect/{mcp_id} does not enforce Access Control Rules (ACRs). Any authenticated Obot user who possesses an MCP Server ID can connect to that server through the gateway — including making tool calls — regardless of whether they are a member of any MCP Registry that grants access to the server.

In practice this means any User can fully use MCP servers that the administrator believed were restricted to specific groups.

References

Code Behaviors & Features

Detect and mitigate GHSA-vw82-7fv8-r6gp with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →