CVE-2026-33946

Published
View on NVD ↗
CVSS v3
5.9
MEDIUM
CVSS v2
N/A
Affected
4
PROJECTS

Description

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamable_http_transport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events (SSE) stream and intercept all real-time data. Version 0.9.2 contains a patch.

modelcontextprotocol/python-sdk
modelcontextprotocol/python-sdk
The official Python SDK for Model Context Protocol servers and clients
GitHubGitHub
23.2K
modelcontextprotocol/ruby-sdk
modelcontextprotocol/ruby-sdk
The official Ruby SDK for the Model Context Protocol.
GitHubGitHub
843
modelcontextprotocol/go-sdk
modelcontextprotocol/go-sdk
The official Go SDK for Model Context Protocol servers and clients. Maintained in collaboration with Google.
GitHubGitHub
4.64K
modelcontextprotocol/csharp-sdk
modelcontextprotocol/csharp-sdk
The official C# SDK for Model Context Protocol servers and clients. Maintained in collaboration with Microsoft.
GitHubGitHub
4.3K