CVE-2026-55604

Summary

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global SessionStore accepts caller-supplied session_id values without binding them to any authenticated principal or transport session. An attacker can enumerate active session IDs via deepseek_sessions, then reuse a victim-controlled session_id in deepseek_chat to retrieve and continue the victim's conversation context. Version 1.7.0 contains a patch.

Affected Software

VendorProductVersion RangeStatus
arikusideepseek-mcp-server>= 1.4.2, < 1.7.0affected

Weaknesses

  • CWE-639: CWE-639: Authorization Bypass Through User-Controlled Key

References