CVE-2026-48529

GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from different users share this singleton and their lockdown-related GraphQL queries are executed using the first user's credentials. The singleton is never updated to reflect later users' tokens. This vulnerability is fixed in 1.1.2.
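The credential bleed described above, as an added Go illustration that is not the project's own code: a `sync.Once`-initialised process-global cache bound to the first caller, beside a per-user cache selected by a digest of the caller's token. `RepoAccessCache` and `Resolve` here are hypothetical stand-ins borrowing the advisory's name, and the per-user shape is an assumption about a sound fix, not a claim about how 1.1.2 resolved it.

```go
package main

import (
	"crypto/sha256"
	"sync"
)

// RepoAccessCache stands in for the lockdown cache: it is bound to one user's
// GraphQL client (represented here by the token) and every lookup it answers is
// made with that client. Names are hypothetical stand-ins, not upstream's code.
type RepoAccessCache struct{ token string }

// Resolve reports which token a lockdown lookup for repo would be sent with.
func (r *RepoAccessCache) Resolve(repo string) string { return r.token }

// Vulnerable shape: one process-wide cache, bound to whichever user arrives first.
var (
	initOnce    sync.Once
	globalCache *RepoAccessCache
)

func VulnerableResolve(token, repo string) string {
	initOnce.Do(func() { globalCache = &RepoAccessCache{token: token} })
	return globalCache.Resolve(repo)
}

// Fixed shape (an assumption, not upstream's patch): one cache per caller,
// selected by a digest of the caller's token, so a later request never
// inherits the client the first request created.
type PerUserCaches struct {
	mu     sync.Mutex
	byUser map[[32]byte]*RepoAccessCache
}

func (p *PerUserCaches) Resolve(token, repo string) string {
	key := sha256.Sum256([]byte(token))
	p.mu.Lock()
	defer p.mu.Unlock()
	cache, ok := p.byUser[key]
	if !ok {
		if p.byUser == nil {
			p.byUser = map[[32]byte]*RepoAccessCache{}
		}
		cache = &RepoAccessCache{token: token}
		p.byUser[key] = cache
	}
	return cache.Resolve(repo)
}
```

A detection check for this class of bug is the second call below: the second user's lookup must come back with the second user's token, never the first's.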

Configurations

No configuration.

History

27 Jun 2026, 04:17

Type | Values Removed | Values Added
References | () https://github.com/github/github-mcp-server/security/advisories/GHSA-pjp5-fpmr-3349 - | () https://github.com/github/github-mcp-server/security/advisories/GHSA-pjp5-fpmr-3349 -

26 Jun 2026, 17:16

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2026-06-26 17:16

Updated : 2026-06-27 04:17


NVD link : CVE-2026-48529

Mitre link : CVE-2026-48529

CVE.ORG link : CVE-2026-48529


Products Affected

No product.

CWE
CWE-284

Improper Access Control