GHSA-wvr4-3wq4-gpc5: MCP Connect has unauthenticated remote OS command execution via /bridge endpoint

March 19, 2026

When AUTH_TOKEN and ACCESS_TOKEN environment variables are not set (which is the default out-of-the-box configuration) the /bridge HTTP endpoint is completely unauthenticated. Any network-accessible caller can POST a request with an attacker-controlled serverPath and args payload, causing the server to spawn an arbitrary OS process as the user running mcp-bridge. This results in full remote code execution on the host without any credentials.

References

github.com/EvalsOne/MCP-connect
github.com/EvalsOne/MCP-connect/security/advisories/GHSA-wvr4-3wq4-gpc5
github.com/advisories/GHSA-wvr4-3wq4-gpc5

Code Behaviors & Features

Detect and mitigate GHSA-wvr4-3wq4-gpc5 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →