CVE-2025-6514
Published
CVSS v3
9.6
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT
Description
mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL
GitHubView on NVD ↗
GitHub