{"data":{"id":"2d8d0290-efe8-43b3-ab6d-58f14c086601","title":"CVE-2026-44895: GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships","summary":"GitLab MCP Server (a tool that lets AI agents interact with GitLab) had a critical security flaw in versions before 0.6.0: its HTTP transport exposed an unauthenticated endpoint (one that processes requests without checking who is calling it) to requests from any website, and a misconfiguration made it reachable on all network interfaces rather than only the local machine. Together these allowed attackers from anywhere to make changes to GitLab repositories using the server operator's stored credentials.","solution":"Update GitLab MCP Server to version 0.6.0, which fixes the vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-44895","publishedAt":"2026-05-26T22:16:42.730Z","cveId":"CVE-2026-44895","cweIds":["CWE-306","CWE-942"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["GitLab MCP Server"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-26T22:16:42.730Z","capecIds":["CAPEC-115"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0010"]}}