CVE-2026-33946: Mcp Session Stream Overwrite

Overwriting an existing session stream without checking if one already exists can lead to session hijacking.

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0

Ruby^β

greprules fetch cve-2026-33946-mcp-session-stream-overwrite --engine opengrep

Description

Overwriting an existing session stream without checking if one already exists can lead to session hijacking.

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 145 downloads
0 direct145 via packs
· 0 stars · Quality score 73How quality works
Included packs: 2 packs

0 signals from signed-in users.