CVE-2026-45781

Description

MCP Registry: OCI validator skips ownership check on upstream rate limits in github.com/modelcontextprotocol/registry

Affected packages (2)

• Go/github.com/modelcontextprotocol/registryfrom 0, < 1.7.9
• Go/github.com/modelcontextprotocol/registryfrom 0, < 1.7.9

CVSS scores

References (3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-45781
• PATCHhttps://github.com/modelcontextprotocol/registry
• WEBhttps://github.com/modelcontextprotocol/registry/security/advisories/GHSA-2v5f-5r6w-p67r