Sse

MCPHub is vulnerable to user identity spoofing on the MCP transport layer; an unauthenticated network user can impersonate any user, including administrators, on SSE/MCP endpoints by providing the target username in the URL path, which allows execution of MCP tool calls under a spoofed user's identity, access to user-scoped resources and data, and poisoning of audit logs.

The @yoda.digital/gitlab-mcp-server's SSE transport lacks authentication and uses wildcard CORS, enabling unauthenticated attackers to execute arbitrary GitLab API calls using the operator's GitLab PAT, including destructive operations.