Use of Hard-coded Credentials Affecting ogham-mcp package, versions [0.6.3, 0.11.1)

Q: How to fix?

Upgrade ogham-mcp to version 0.11.1 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Use of Hard-coded Credentials vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-PYTHON-OGHAMMCP-16430811
published6 May 2026
disclosed5 May 2026
creditUnknown

Report a new vulnerability Found a mistake?

Introduced: 5 May 2026

NewCWE-798 (opens in a new tab)

How to fix?

Upgrade ogham-mcp to version 0.11.1 or higher.

Overview

ogham-mcp is a Shared memory MCP server — persistent, searchable, cross-client

Affected versions of this package are vulnerable to Use of Hard-coded Credentials due to hardcoded credentials present in the source files, including development database URLs and an API key. An attacker can gain unauthorized access to external services by extracting these credentials from the distributed source files.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
High
Integrity (VI)
Low
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None