{"vulnerability": "cve-2026-48529", "sightings": [{"uuid": "62914447-c3dd-45c7-ac7b-a90bbeb04a1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48529", "type": "published-proof-of-concept", "source": "https://github.com/github/github-mcp-server/security/advisories/GHSA-pjp5-fpmr-3349", "content": "", "creation_timestamp": "2026-06-25T22:35:05.042006Z"}, {"uuid": "74336064-0ad3-4e93-95ac-16eb137fee70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48529", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp7l26lvbx2l", "content": "CVE-2026-48529 - GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion\nCVE ID : CVE-2026-48529\n \n Published : June 26, 2026, 4:33 p.m. | 1\u00a0hour, 11\u00a0minutes ago\n \n Description : GitHub MCP Server is GitHub's official MCP Server. Fr...", "creation_timestamp": "2026-06-26T18:26:46.636903Z"}]}