Threat Advisory

MCP Framework Vulnerability Crafted POST Request

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

CVE-2026-39313, with a CVSS score of 8.7, is a vulnerability in the npm/mcp-framework package, specifically in versions, which allows denial of service via the HTTP transport. The issue is caused by the readRequestBody() function in the HTTP transport concatenating request body chunks into a string with no size limit, even though a maxMessageSize configuration value exists but is never enforced. A remote, unauthenticated attacker can exploit this by sending a single large POST request to /mcp, causing memory exhaustion and denial of service. The attacker gains the ability to crash the mcp-framework HTTP server. The business impact includes denial of service, exploitation without any authentication, and a false sense of security created by the unenforced maxMessageSize setting. Prerequisites for exploitation are a vulnerable version of the mcp-framework package, a large POST request, and access to the /mcp endpoint.
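The defect described above is a body reader that appends every chunk without ever consulting maxMessageSize. As an added illustration, not code from mcp-framework, the following Node.js snippet shows that unbounded shape next to a bounded reader that counts bytes as they arrive, rejects with a 413-style error once the configured limit is crossed, and refuses an oversized declared Content-Length before reading anything; all function and class names are hypothetical.

```javascript
// Added example, not mcp-framework's own code; all names are hypothetical.
class BodyTooLargeError extends Error {
  constructor(limit, seen) {
    super(`request body exceeds maxMessageSize (${limit} bytes); received at least ${seen}`);
    this.name = 'BodyTooLargeError'; this.statusCode = 413; // HTTP 413 Payload Too Large
  }
}

// Vulnerable shape from the advisory: every chunk is appended and nothing is ever checked.
function readRequestBodyUnbounded(req) {
  return new Promise((resolve, reject) => {
    let body = '';
    req.on('data', (chunk) => { body += chunk; });
    req.on('end', () => resolve(body));
    req.on('error', reject);
  });
}

// Cheap first check: a declared Content-Length above the limit is refused before any byte is read.
function contentLengthExceeds(headers, maxMessageSize) {
  const raw = headers['content-length'];
  if (raw === undefined) return false; // chunked or absent: the streaming check below still applies
  const declared = Number.parseInt(raw, 10);
  return Number.isFinite(declared) && declared > maxMessageSize;
}
// Byte-counting accumulator: throws as soon as the running total passes maxMessageSize,
// so at most limit + one chunk is ever buffered.
class BoundedBodyAccumulator {
  constructor(maxMessageSize) { this.limit = maxMessageSize; this.bytes = 0; this.chunks = []; }
  push(chunk) {
    const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk), 'utf8');
    this.bytes += buf.length; // count bytes, not characters, so multi-byte UTF-8 is not undercounted
    if (this.bytes > this.limit) throw new BodyTooLargeError(this.limit, this.bytes);
    this.chunks.push(buf);
  }
  toString() { return Buffer.concat(this.chunks).toString('utf8'); }
}

// Hardened reader: enforces the limit on every chunk and tears the stream down on violation.
function readRequestBodyBounded(req, maxMessageSize) {
  return new Promise((resolve, reject) => {
    const acc = new BoundedBodyAccumulator(maxMessageSize);
    req.on('data', (chunk) => {
      try { acc.push(chunk); } catch (err) { req.destroy(); reject(err); }
    });
    req.on('end', () => resolve(acc.toString()));
    req.on('error', reject);
  });
}
```

In a real handler the Content-Length check runs first and the bounded reader replaces the unbounded one; a BodyTooLargeError maps to a 413 response and the connection is closed.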


RECOMMENDATION:

We recommend updating mcp-framework to version 0.2.22 or later.

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-353c-v8x9-v7c3
