| عنوان | imprvhub mcp-browser-agent 0.8.0 Server-Side Request Forgery |
|---|
| الوصف | This proof of concept demonstrates a Server-Side Request Forgery (SSRF) vulnerability in the MCP browser agent. The vulnerability resides in the browser_navigate functionality, which allows an attacker to control the url parameter and navigate the browser to arbitrary destinations. By exploiting this flaw, an attacker can force the server to send requests to internal or external systems, potentially exposing sensitive information, accessing restricted resources, or delivering malicious content. This SSRF vulnerability could be leveraged to bypass network restrictions, scan internal networks, or exfiltrate data |
|---|
| المصدر | ⚠️ https://github.com/wing3e/public_exp/issues/25 |
|---|
| المستخدم | feng kairui (UID 96539) |
|---|
| ارسال | 21/03/2026 11:22 AM (22 أيام منذ) |
|---|
| الاعتدال | 05/04/2026 04:03 PM (15 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 355398 [imprvhub mcp-browser-agent حتى 0.8.0 URL Parameter src/handlers.ts CallToolRequestSchema request.params.name/request.params.arguments تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|