Litmus Automation Litmus-MCP-Server Unauthorized Access Vulnerability via SSE Protocol

Vulnerability

Litmus Automation Litmus-MCP-Server versions through 0.0.1 contain a vulnerability that allows unauthorized remote attackers to control the target's MCP service through the SSE protocol. The issue arises because the server performs no identity verification (authentication) for user access to the SSE endpoint, so anyone who can reach it can use the service.

Impact

Successful exploitation gives an attacker unauthorized control over the MCP service on the target system.

Reproduction

The vulnerability can be reproduced by running Litmus-MCP-Server in a Docker container. Once the server is running, connect to it with an MCP client tool. With the default server binding, the connection is accepted without any credentials, giving unauthorized access to the MCP service through the SSE protocol.
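One way to close the gap described above, added here as an illustration and not code from the Litmus project: an ASGI middleware that requires a valid bearer token before any request reaches the MCP SSE transport. The `/sse` and `/messages` paths, the `probe` helper and the sample token are assumptions based on the usual MCP SSE transport layout, not taken from this advisory.

```python
import asyncio
import hmac
from typing import Callable, Optional

# Assumption: the MCP SSE transport lives at /sse (event stream) and
# /messages (client-to-server posts), as in the MCP SSE convention.
PROTECTED_PREFIXES = ("/sse", "/messages")

class SseAuthMiddleware:
    """ASGI middleware: reject MCP transport requests lacking a valid bearer token."""
    def __init__(self, app: Callable, token: str) -> None:
        self.app = app
        self.token = token

    def _authorized(self, scope: dict) -> bool:
        # Only guard the transport endpoints; other paths (e.g. /health) stay open.
        if not scope.get("path", "").startswith(PROTECTED_PREFIXES):
            return True
        for name, value in scope.get("headers", []):
            if name.lower() == b"authorization":
                parts = value.decode("latin-1").split(" ", 1)
                if len(parts) == 2 and parts[0].lower() == "bearer":
                    # Constant-time compare avoids leaking the token via timing.
                    return hmac.compare_digest(parts[1].encode(), self.token.encode())
        return False  # no usable Authorization header

    async def __call__(self, scope, receive, send):
        if scope.get("type") != "http" or self._authorized(scope):
            await self.app(scope, receive, send)
            return
        await send({"type": "http.response.start", "status": 401,
                    "headers": [(b"www-authenticate", b"Bearer")]})
        await send({"type": "http.response.body", "body": b"unauthorized"})

async def _fake_mcp_app(scope, receive, send):
    # Stand-in for the real MCP SSE app: always answers 200.
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"event stream"})

def probe(path: str, authorization: Optional[str], token: str = "s3cret") -> int:
    """Drive the wrapped app through the ASGI interface; return the HTTP status."""
    headers = [(b"authorization", authorization.encode())] if authorization else []
    scope = {"type": "http", "method": "GET", "path": path, "headers": headers}
    sent: list = []
    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}
    async def send(msg: dict):
        sent.append(msg)
    asyncio.run(SseAuthMiddleware(_fake_mcp_app, token)(scope, receive, send))
    return sent[0]["status"]
```

The same check can be applied to the real server by wrapping its ASGI app in `SseAuthMiddleware` and issuing the token out of band to each authorized MCP client.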

Added: Sep 10, 2025, 2:20 PM
Updated: Sep 10, 2025, 3:21 PM

Vulnerability Rating

Custom Algorithm
spread          0.0
impact          5.0
exploitability  8.7
remediation     0.0
relevance       0.5
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.