CVE-2026-44463: Missing Dynamic Mcp Oauth Auth

The HTTP context server is initialized using only static headers without dynamic OAuth token provisioning. This can bypass secure remote server authentication. Migrate to an implementation that provisions dynamic tokens (e.g., via a token provider).

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0rust

greprules fetch cve-2026-44463-missing-dynamic-mcp-oauth-auth --engine opengrep

Description

The HTTP context server is initialized using only static headers without dynamic OAuth token provisioning. This can bypass secure remote server authentication. Migrate to an implementation that provisions dynamic tokens (e.g., via a token provider).

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Trust signals: 108 downloads
0 direct108 via packs
· 0 stars · Trust score 69How trust works
Included packs: 2 packs

Community feedback

Sign in to report false positives, mark this rule useful, or suggest metadata improvements.

Mark useful Report false positive Suggest metadata