| عنوان | horizon921 mcpilot 0.1.0 Server-Side Request Forgery |
|---|
| الوصف | A critical Server-Side Request Forgery (SSRF) vulnerability was discovered in mcpilot 0.1.0. The issue exists in the Next.js API route /api/mcp/call within client/src/app/api/mcp/call/route.ts. The backend accepts a user-provided serverBaseUrl and performs multiple outbound fetch requests (GET and POST) to this URL to detect and call MCP tools. Since there are no restrictions on the scheme, hostname, or IP address, a remote attacker can manipulate the serverBaseUrl to force the server to interact with sensitive internal services, local loopback interfaces (localhost), or cloud metadata endpoints. This can lead to unauthorized access to internal resources and the potential modification of internal service states via POST requests. |
|---|
| المصدر | ⚠️ https://github.com/horizon921/mcpilot/issues/1 |
|---|
| المستخدم | ccccccctfi (UID 97498) |
|---|
| ارسال | 11/05/2026 10:51 AM (24 أيام منذ) |
|---|
| الاعتدال | 31/05/2026 06:16 PM (20 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 367573 [horizon921 mcpilot 0.1.0 MCP API Call Endpoint route.ts serverBaseUrl تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|