Anthropic MCP TypeScript SDK Regular Expression Denial-of-Service Vulnerability

Vulnerability

A regular expression denial-of-service (ReDoS) vulnerability has been identified in Anthropic's MCP TypeScript SDK in versions up to and including 1.25.1. The issue arises in the UriTemplate class when handling exploded array patterns as defined by RFC 6570. The class dynamically generates a regular expression for URI matching that contains nested quantifiers, so a specially crafted input triggers catastrophic backtracking. Exploitation drives CPU usage up until the Node.js process becomes unresponsive, disrupting service for all connected clients.

Impact

Exploitation of this vulnerability causes a sharp rise in CPU usage, leaving the server crashed or unresponsive. Because the affected process serves every connected client, this denial-of-service condition results in widespread service disruption.

Reproduction

The vulnerability can be reproduced by registering a resource template that uses an exploded array pattern on an MCP server. When a client sends a request whose URI is crafted to exploit the matching regular expression, the server enters a denial-of-service condition. The requests can be automated with a script that sends them after establishing a connection to the server.

Remediation

Users are advised to update to the latest version of the MCP TypeScript SDK, where this vulnerability has been addressed by modifying the regular expression pattern to eliminate the nested quantifiers that cause catastrophic backtracking.
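As an added illustration of the mitigation direction (not the SDK's own code or its actual fix), the following JavaScript matches a URI against an RFC 6570-style template with exploded list variables using a single left-to-right scan instead of a generated regular expression, so matching time stays linear in the URI length whatever its content. The supported template subset, the function names and the length bound are assumptions made for this example.

```javascript
// Added example, not code from the MCP TypeScript SDK. Hypothetical helpers
// that match URIs against templates such as "files/{path*}/meta/{id}" without
// any regular expression, so no input can cause catastrophic backtracking.

const MAX_URI_LENGTH = 2048; // defensive bound (assumed value)

// Split a template into literal and variable parts; "{name*}" is an exploded list.
function parseTemplate(template) {
  const parts = [];
  let i = 0;
  while (i < template.length) {
    if (template[i] === "{") {
      const end = template.indexOf("}", i);
      if (end === -1) throw new Error("unterminated expression in template");
      let name = template.slice(i + 1, end);
      const explode = name.endsWith("*");
      if (explode) name = name.slice(0, -1);
      // Variable names are trusted server-side input; this check is linear-time.
      if (!/^[A-Za-z0-9_]+$/.test(name)) throw new Error(`bad variable name: ${name}`);
      parts.push({ kind: "var", name, explode });
      i = end + 1;
    } else {
      const next = template.indexOf("{", i);
      const text = template.slice(i, next === -1 ? template.length : next);
      parts.push({ kind: "lit", text });
      i += text.length;
    }
  }
  return parts;
}

// Match in one pass: each variable consumes the URI up to the next literal.
// Returns the bindings (exploded variables as arrays) or null on no match.
function matchTemplate(template, uri) {
  if (uri.length > MAX_URI_LENGTH) return null; // refuse oversized input up front
  const parts = parseTemplate(template);
  const vars = {};
  let pos = 0;
  for (let p = 0; p < parts.length; p++) {
    const part = parts[p];
    if (part.kind === "lit") {
      if (!uri.startsWith(part.text, pos)) return null;
      pos += part.text.length;
      continue;
    }
    const next = parts[p + 1];
    if (next !== undefined && next.kind !== "lit") throw new Error("adjacent variables unsupported");
    const end = next === undefined ? uri.length : uri.indexOf(next.text, pos);
    if (end === -1 || end === pos) return null; // missing literal or empty value
    const raw = uri.slice(pos, end);
    vars[part.name] = part.explode ? raw.split(",") : raw;
    pos = end;
  }
  return pos === uri.length ? vars : null;
}
```

Each variable is resolved with `indexOf` and `slice`, so a URI consisting of thousands of delimiters is either rejected by the length bound or processed in one pass.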

Added: Jan 5, 2026, 9:17 PM
Updated: Jan 5, 2026, 10:29 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.