High-Severity Flaws Expose h3 to DoS and mcp-handler to Cross-Client Data Leaks
Two newly disclosed vulnerabilities affect widely used JavaScript server components, with one enabling application-level denial of service in h3 and the other causing cross-client data exposure in mcp-handler. The h3 flaw, tracked as GHSA-Q5PR-72PQ-83V3, is an algorithmic complexity issue in chunked cookie processing that lets an attacker send a very small HTTP request and force disproportionate CPU consumption. Rated CVSS 7.5, the bug can starve event loops and degrade availability without requiring privileges or user interaction.
A separate issue in mcp-handler, tracked as GHSA-W2FM-25VW-VH7F, stems from a transport race condition that can leak sensitive MCP tool responses across client sessions. The vulnerability, rated CVSS 7.1, can expose database query results, local file contents, proprietary data, and raw large language model outputs, while also allowing limited attacker-controlled input injection when misrouted requests are processed in a victim session. The risk is highest in stateless serverless deployments such as AWS Lambda or edge runtimes where developers reuse global McpServer or StreamableHTTPServerTransport instances, while persistent Node.js deployments that create transport objects per connection are described as resistant to this specific flaw.
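The reuse hazard described above, as an added illustration that is not mcp-handler's or the MCP SDK's code: a toy transport (`ToyTransport`, `handleRequest`, `runScenario`, `misrouted` are hypothetical names) keeps per-request state on the instance. Driving two clients concurrently through one cached instance hands client A's tool result to client B; constructing an instance per request does not.

```javascript
// Added illustration (hypothetical names): a transport that records the
// requesting client on the instance and reads it back after an await.
class ToyTransport {
  constructor() {
    this.activeClient = null; // per-request state living on a shared object
  }
  // The await on the tool call yields to the event loop; a second caller on
  // the same instance can overwrite activeClient before this one resumes.
  async handleRequest(clientId, toolCall) {
    this.activeClient = clientId;
    const payload = await toolCall();
    return { requestedBy: clientId, deliveredTo: this.activeClient, payload };
  }
}

// Constructed tool call that resolves on a later tick so two requests interleave.
function slowTool(secret) {
  return () => new Promise((resolve) => setImmediate(() => resolve(secret)));
}

// Two clients issue requests concurrently through whatever getTransport() hands back.
async function runScenario(getTransport) {
  const a = getTransport().handleRequest("client-A", slowTool("A's database rows"));
  const b = getTransport().handleRequest("client-B", slowTool("B's file contents"));
  return Promise.all([a, b]);
}

// Anti-pattern: one module-level transport cached across invocations, which is
// what a warm serverless container or edge isolate keeps alive in globals.
const sharedTransport = new ToyTransport();
function sharedScenario() {
  return runScenario(() => sharedTransport);
}

// Fix: a fresh transport per request, so no per-request state is shared.
function perRequestScenario() {
  return runScenario(() => new ToyTransport());
}

// Payloads that reached a client other than the one that asked for them.
function misrouted(results) {
  return results
    .filter((r) => r.requestedBy !== r.deliveredTo)
    .map((r) => `${r.payload} -> ${r.deliveredTo}`);
}

sharedScenario().then((r) => console.log("shared transport, misrouted:", misrouted(r)));
perRequestScenario().then((r) => console.log("per-request transport, misrouted:", misrouted(r)));
```

Run with Node: the shared case reports A's payload delivered to client-B, the per-request case reports nothing misrouted. Real transport and server objects carry far more state than one field, but the shape of the safe configuration matches what the advisory describes as resistant: construct the transport inside the request handler rather than caching it in a module-level global.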
Timeline
Apr 1, 2026
mcp-handler transport race condition disclosed as GHSA-W2FM-25VW-VH7F
A high-severity vulnerability in mcp-handler was disclosed involving a transport race condition that can leak sensitive data across client sessions. The flaw mainly impacts confidentiality, with stateless serverless deployments highlighted as especially vulnerable when global variable caching is used for shared transport or server instances.
Mar 23, 2026
h3 denial-of-service vulnerability disclosed as GHSA-Q5PR-72PQ-83V3
A high-severity algorithmic complexity flaw in h3 was disclosed that can cause application-level denial of service by forcing disproportionate CPU consumption from a small HTTP request. The issue primarily affects availability and is especially risky in containerized and horizontally scaled environments where it can trigger crash loops and fleet-wide resource exhaustion.
Related Stories

Client-Side Injection Flaws Expose Sessions and Sensitive Data in AVideo and dom-sanitizer
Two newly disclosed web application flaws expose users to client-side data theft through content injection. In AVideo's **TopMenu** plugin, a stored cross-site scripting issue tracked as `GHSA-GMPC-FXG2-VCMQ` carries a CVSS 3.1 score of **6.1** and allows attackers to inject JavaScript that can read `document.cookie`, steal active session tokens, and impersonate users or administrators. Because the TopMenu component is rendered globally across the application, a malicious payload can execute for all site visitors, creating broad exposure and enabling follow-on attacks such as credential harvesting and fake login prompts. A separate issue in `rhukster/dom-sanitizer`, tracked as `GHSA-93VF-569F-22CQ`, allows **CSS injection** through SVG `style` tags and is rated **4.7** under CVSS 3.1. The flaw can be exploited remotely without authentication when a victim renders a crafted SVG in a browser, potentially disclosing the victim's IP address, browser details, exact page URL, and sensitive DOM-resident data such as CSRF tokens or partial session identifiers. While the sanitizer flaw does not directly alter server-side state or disrupt availability, both disclosures highlight how server-side handling of untrusted content can be turned into browser-based theft of session and application data.
3 weeks ago
Critical Axios Flaw Enables Request Smuggling, IMDSv2 Bypass, and Cloud Compromise
A critical vulnerability in the Axios HTTP client library, tracked as **`CVE-2026-40175`**, allows attackers to turn polluted JavaScript object properties into malicious HTTP headers and abuse outbound requests for **SSRF**, **request smuggling**, and potential **remote code execution**. Researchers said the flaw stems from improper header handling in Axios’s HTTP adapter and unsafe config merging, which can let `Object.prototype` values containing CRLF characters be injected into requests. The issue can be chained with prototype pollution in other npm packages to target internal services, including the AWS EC2 metadata endpoint at `169.254.169.254`, potentially bypassing **IMDSv2** and exposing cloud credentials or broader infrastructure. A public proof-of-concept was released alongside disclosure, raising urgency for defenders even though active exploitation had not been confirmed at the time of reporting. The flaw affects Axios versions before **`1.13.2`**, while maintainers said **`1.15.0`** introduces strict header validation that blocks CRLF-based header injection; organizations were urged to upgrade and audit dependencies such as **`body-parser`**, **`qs`**, and **`minimist`** for prototype pollution paths. One report cited internet-wide estimates of more than **48,000** potentially exposed instances, underscoring the risk of unauthorized internal access and possible full cloud compromise.
2 weeks ago
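The merge-and-inject chain described in the Axios story, as an added illustration that is not Axios's code: a `for...in` header merge picks up a polluted `Object.prototype` entry, while a hardened merge copies only own keys and refuses CR/LF in names and values, the kind of strict header validation the fixed release is described as adding. The `x-injected` header name, the `pollute()` gadget and the helper names are constructed stand-ins for a prototype-pollution bug elsewhere in a dependency tree.

```javascript
// Added illustration, not Axios code. Hypothetical helper names throughout.

// Vulnerable shape: for...in walks the prototype chain, so a polluted
// Object.prototype entry is copied into the outgoing header set.
function mergeHeadersUnsafe(defaults, overrides) {
  const out = {};
  for (const k in defaults) out[k] = defaults[k];
  for (const k in overrides) out[k] = overrides[k];
  return out;
}

// Hardened shape: own enumerable keys only, null-prototype result, and a
// refusal of CR/LF in names or values so no value can start a new header line.
function mergeHeadersSafe(defaults, overrides) {
  const out = Object.create(null);
  for (const src of [defaults, overrides]) {
    for (const k of Object.keys(src)) {
      const v = String(src[k]);
      if (/[\r\n]/.test(k) || /[\r\n]/.test(v)) {
        throw new Error(`refusing header with CR/LF: ${JSON.stringify(k)}`);
      }
      out[k] = v;
    }
  }
  return out;
}

// Naive wire serialisation, enough to make a smuggled header line visible.
function serializeHeaders(headers) {
  return Object.entries(headers).map(([k, v]) => `${k}: ${v}`).join("\r\n");
}

// Constructed stand-in for a prototype-pollution gadget in another package;
// the value carries a CRLF followed by a Host line aimed at the metadata endpoint.
function pollute() {
  Object.prototype["x-injected"] = "1\r\nhost: 169.254.169.254";
}
function unpollute() {
  delete Object.prototype["x-injected"];
}

// Runs both merges under pollution and returns what each would put on the wire.
function demo() {
  pollute();
  try {
    const defaults = { accept: "application/json" };
    const unsafe = serializeHeaders(mergeHeadersUnsafe(defaults, {}));
    const safe = serializeHeaders(mergeHeadersSafe(defaults, {}));
    let rejected = null;
    try {
      mergeHeadersSafe({}, { "x-evil": "1\r\nhost: internal" }); // explicit CRLF value
    } catch (e) {
      rejected = e.message;
    }
    return { unsafe, safe, rejected };
  } finally {
    unpollute(); // restore the prototype so nothing else in the process is affected
  }
}

console.log(demo());
```

The unsafe serialisation contains a second `host:` line the caller never wrote; the safe merge never sees the prototype entry, and an explicitly supplied CRLF value is rejected rather than emitted.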
Microsoft Discloses Critical Azure MCP Server and AKS Authentication Flaws
Microsoft disclosed two high-severity vulnerabilities affecting hosted Azure services: **CVE-2026-32211** in **Azure MCP Server** and **CVE-2026-33105** in **Azure Kubernetes Service (AKS)**. The Azure MCP Server issue is an information disclosure flaw tied to **missing authentication for a critical function** (`CWE-306`), allowing an unauthenticated attacker to access sensitive information over the network. Its CVSS v3.1 vector, `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N`, indicates remote exploitation with no privileges or user interaction required. Microsoft also published **CVE-2026-33105**, an **improper authorization** vulnerability in AKS mapped to `CWE-285`, which could let an unauthenticated attacker **elevate privileges** remotely. The CVSS v3.1 vector, `AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`, reflects potential high impact across confidentiality, integrity, and availability. Both entries were identified as affecting **exclusively hosted services** and point defenders to Microsoft’s MSRC advisories for service-specific remediation and exposure assessment.
1 month ago