CVE-2026-58168 | HKUDS DeepTutor up to 1.4.9 tool_access.py allowed_mcp_tools authorization
A vulnerability, which was classified as critical, was found in HKUDS DeepTutor up to 1.4.9. Affected by this vulnerability is the function allowed_mcp_tools of the file deeptutor/multi_user/tool_access.py. The manipulation results in missing authorization.
This vulnerability is known as CVE-2026-58168. It is possible to launch the attack remotely. No exploit is available.
You should upgrade the affected component.VulDB Recent EntriesRead More