CVE-2026-55604 PUBLISHED

@arikusi/deepseek-mcp-server has an Authorization Bypass Through User-Controlled Key

Assigner: GitHub_M
Reserved: 16.06.2026 Published: 09.07.2026 Updated: 10.07.2026

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global SessionStore accepts caller-supplied session_id values without binding them to any authenticated principal or transport session. An attacker can enumerate active session IDs via deepseek_sessions, then reuse a victim-controlled session_id in deepseek_chat to retrieve and continue the victim's conversation context. Version 1.7.0 contains a patch.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CVSS Score: 8.6

Product Status

Vendor arikusi
Product deepseek-mcp-server
Versions
  • Version >= 1.4.2, < 1.7.0 is affected

References

Problem Types

  • CWE-639: Authorization Bypass Through User-Controlled Key CWE