GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from different users share this singleton and their lockdown-related GraphQL queries are executed using the first user's credentials. The singleton is never updated to reflect later users' tokens. This vulnerability is fixed in 1.1.2.
References
Configurations
No configuration.
History
27 Jun 2026, 04:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/github/github-mcp-server/security/advisories/GHSA-pjp5-fpmr-3349 - |
26 Jun 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-26 17:16
Updated : 2026-06-27 04:17
NVD link : CVE-2026-48529
Mitre link : CVE-2026-48529
CVE.ORG link : CVE-2026-48529
JSON object : View
Products Affected
No product.
CWE
CWE-284
Improper Access Control
