{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/@samanhappy/mcphub--0.12.15/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["@samanhappy/mcphub (\u003c 0.12.15)"],"_cs_severities":["critical"],"_cs_tags":["identity-spoofing","sse","mcp","unauthenticated-access"],"_cs_type":"advisory","_cs_vendors":["samanhappy"],"content_html":"\u003cp\u003eMCPHub is vulnerable to a critical identity spoofing vulnerability that allows any unauthenticated user to impersonate any other user, including administrators, on SSE and MCP transport endpoints. This vulnerability exists because the server accepts a username directly from the URL path parameter without any database validation, token verification, or authentication check. The \u003ccode\u003esseUserContextMiddleware\u003c/code\u003e in \u003ccode\u003esrc/middlewares/userContext.ts\u003c/code\u003e extracts the username from \u003ccode\u003ereq.params.user\u003c/code\u003e and constructs a fabricated \u003ccode\u003eIUser\u003c/code\u003e object, bypassing all authentication. This allows attackers to execute MCP tool calls under the spoofed user\u0026rsquo;s context, access user-scoped resources and data, and poison audit logs. All MCPHub instances exposing SSE endpoints without bearer authentication are affected. This includes the default configuration when bearer keys are not explicitly set up. The vulnerability affects MCPHub versions prior to 0.12.15.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious URL containing the username of the target user within the path, for example \u003ccode\u003e/CEO-admin-impersonated/sse\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker sends an HTTP GET request to the crafted URL targeting the \u003ccode\u003e/sse\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003esseUserContextMiddleware\u003c/code\u003e extracts the username directly from \u003ccode\u003ereq.params.user\u003c/code\u003e without any authentication or validation.\u003c/li\u003e\n\u003cli\u003eThe middleware constructs a fabricated \u003ccode\u003eIUser\u003c/code\u003e object with the spoofed username and sets it in the \u003ccode\u003eUserContextService\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ehandleSseConnection\u003c/code\u003e function is called, establishing an SSE connection under the context of the spoofed user.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts an HTTP POST request to the \u003ccode\u003e/messages\u003c/code\u003e endpoint associated with the SSE session, including the session ID obtained during the SSE connection establishment.\u003c/li\u003e\n\u003cli\u003eThe attacker includes a JSON payload in the POST request specifying the \u003ccode\u003etools/call\u003c/code\u003e method and the desired tool and arguments.\u003c/li\u003e\n\u003cli\u003eThe MCP tool is executed on the server under the context of the spoofed user, potentially granting unauthorized access to resources and data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability enables a complete user identity spoofing on the MCP transport layer. Any unauthenticated network user can impersonate any other user, including administrators, on SSE/MCP endpoints. The attacker can then execute MCP tool calls under a spoofed user\u0026rsquo;s identity, potentially accessing user-scoped resources and data. Furthermore, all actions are recorded under the fabricated username, destroying accountability and forensic value. All MCPHub instances exposing SSE endpoints without bearer authentication are affected.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the \u003ccode\u003eDetect MCPHub User Impersonation via SSE Endpoint\u003c/code\u003e Sigma rule to your SIEM to detect exploitation attempts by monitoring HTTP requests to the SSE endpoint with suspicious usernames.\u003c/li\u003e\n\u003cli\u003eDeploy the \u003ccode\u003eDetect MCPHub MCP Tool Call via Spoofed User\u003c/code\u003e Sigma rule to your SIEM to detect exploitation attempts by monitoring HTTP requests with a spoofed user.\u003c/li\u003e\n\u003cli\u003eUpgrade to @samanhappy/mcphub version 0.12.15 or later to patch the vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T20:45:07Z","date_published":"2026-05-14T20:45:07Z","id":"https://feed.craftedsignal.io/briefs/2026-05-mcphub-user-impersonation/","summary":"MCPHub is vulnerable to user identity spoofing on the MCP transport layer; an unauthenticated network user can impersonate any user, including administrators, on SSE/MCP endpoints by providing the target username in the URL path, which allows execution of MCP tool calls under a spoofed user's identity, access to user-scoped resources and data, and poisoning of audit logs.","title":"MCPHub User Impersonation Vulnerability via Unauthenticated SSE Endpoint","url":"https://feed.craftedsignal.io/briefs/2026-05-mcphub-user-impersonation/"}],"language":"en","title":"CraftedSignal Threat Feed — @Samanhappy/Mcphub (\u003c 0.12.15)","version":"https://jsonfeed.org/version/1.1"}