CVE-2026-39313 | QuantGeekDev mcp-framework up to 0.2.21 Model Context Protocol /mcp readRequestBody maxMessageSize allocation of resources (GHSA-353c-v8x9-v7c3)

A vulnerability was found in QuantGeekDev mcp-framework up to 0.2.21. It has been classified as problematic. This impacts the function readRequestBody of the file /mcp of the component Model Context Protocol. The manipulation of the argument maxMessageSize leads to allocation of resources.

This vulnerability is documented as CVE-2026-39313. The attack can be initiated remotely. There is not any exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More