CVE-2026-10690 in DesktopCommanderMCP

Summary

by MITRE • 06/03/2026

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Manipulation of the argument url leads to server-side request forgery. The attack may be performed remotely. The exploit is publicly available and might be used. The name of the patch is 53699bebba9950047bca16ac4dc8f0568f596aaa. It is best practice to apply a patch to resolve this issue.


Analysis

by VulDB Data Team • 06/07/2026

This vulnerability in wonderwhy-er DesktopCommanderMCP version 0.2.37 represents a critical server-side request forgery flaw that exposes the application to remote exploitation. The vulnerability exists within the readFileFromUrl function located in src/tools/filesystem.ts, specifically in the read_file component of the software. The flaw allows attackers to manipulate the url argument passed to this function, enabling them to initiate unauthorized requests from the server to arbitrary destinations. This type of vulnerability falls under the CWE-918 category of Server-Side Request Forgery, which is classified as a serious security weakness that can lead to various downstream attacks including internal network reconnaissance, data exfiltration, and privilege escalation. The attack vector is particularly dangerous because it can be executed remotely without requiring any local access to the system, making it highly accessible to threat actors.

The operational impact of this vulnerability extends beyond simple data theft, as it can enable attackers to perform reconnaissance on internal systems that the server might have access to but which are not directly exposed to the internet. When an attacker successfully exploits this SSRF vulnerability, they can potentially access internal services, databases, or other resources that should remain isolated from external network traffic. This creates a significant risk for organizations using this software, as the compromised server could become a pivot point for attacking other systems within the network perimeter. The fact that a publicly available exploit exists for this vulnerability increases the likelihood of successful attacks, as malicious actors can readily leverage this knowledge to compromise affected systems.

Security practitioners should prioritize patching this vulnerability immediately, with the recommended fix being the application of the patch identified by the commit hash 53699bebba9950047bca16ac4dc8f0568f596aaa. This patch should be applied to all instances of DesktopCommanderMCP 0.2.37 that are accessible to untrusted networks or users. The remediation process should include thorough testing to ensure that the patch does not introduce regressions in functionality, particularly around file system operations and URL handling. Additionally, organizations should implement network segmentation and firewall rules to limit the server's access to internal resources, providing defense-in-depth measures that can mitigate the impact even if the primary vulnerability is not immediately patched. From an ATT&CK framework perspective, this vulnerability maps to T1190 - Proxying and T1071.004 - Application Layer Protocol: DNS, as attackers can use the compromised system to relay requests through the server to other targets, potentially bypassing network security controls. Organizations should also consider implementing web application firewalls and monitoring for unusual outbound requests that might indicate exploitation attempts.
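The analysis above describes the core risk, an unvalidated url argument that lets a server-side fetch reach destinations the operator never intended, and recommends egress restrictions as a compensating control. The following is an added example, written for this page and not DesktopCommanderMCP's code or the content of the referenced patch, of the kind of validator a read-from-URL tool can run before issuing any request. The names isSafeOutboundUrl, isPrivateIPv4, isPrivateIPv6 and SsrfVerdict are assumptions for the illustration. It relies on the WHATWG URL parser (Node's global URL) having already canonicalised numeric hosts such as 2130706433 or 0x7f.1 into dotted form, so the range checks see one representation.

```typescript
// Added example, not DesktopCommanderMCP's code or its patch: an egress
// validator for URLs that a "read file from URL" tool is about to fetch.
// isSafeOutboundUrl, SsrfVerdict and the helper names are assumptions for
// this illustration. The literal host is checked before any request; a
// production version must also re-check the *resolved* address at connect
// time, because a hostname that passes here can still resolve to 127.0.0.1
// (DNS rebinding).

export interface SsrfVerdict {
  allowed: boolean;
  reason: string;
}

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Hostnames that commonly resolve to local services or cloud metadata.
const BLOCKED_HOSTNAMES = new Set(["localhost", "metadata", "metadata.google.internal"]);

function parseIPv4(host: string): number[] | null {
  const parts = host.split(".");
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^\d{1,3}$/.test(p) ? Number(p) : NaN));
  return octets.some((o) => Number.isNaN(o) || o > 255) ? null : octets;
}

// IPv4 ranges a server-side fetch should never reach: "this network"
// (0.0.0.0/8), RFC 1918 private, loopback, link-local (which includes the
// 169.254.169.254 metadata endpoint) and carrier-grade NAT (100.64.0.0/10).
export function isPrivateIPv4(host: string): boolean {
  const o = parseIPv4(host);
  if (o === null) return false;
  const [a, b] = o;
  return (
    a === 0 || a === 10 || a === 127 ||
    (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 192 && b === 168) ||
    (a === 100 && b >= 64 && b <= 127)
  );
}

// IPv6: unspecified, loopback, unique-local (fc00::/7), link-local (fe80::/10)
// and IPv4-mapped addresses, which the WHATWG URL parser serialises as
// ::ffff:HHHH:HHHH (e.g. ::ffff:7f00:1 for 127.0.0.1).
export function isPrivateIPv6(host: string): boolean {
  const h = host.toLowerCase();
  if (h === "::" || h === "::1") return true;
  if (/^f[cd]/.test(h) || /^fe[89ab]/.test(h)) return true;
  const mapped = h.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (mapped) {
    const hi = parseInt(mapped[1], 16);
    const lo = parseInt(mapped[2], 16);
    return isPrivateIPv4(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
  }
  return false;
}

export function isSafeOutboundUrl(raw: string): SsrfVerdict {
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { allowed: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username !== "" || url.password !== "") {
    return { allowed: false, reason: "credentials embedded in URL" };
  }
  // The WHATWG parser has already canonicalised numeric hosts (e.g.
  // 2130706433 or 0x7f.1 become 127.0.0.1) and wraps IPv6 literals in [].
  let host = url.hostname.toLowerCase();
  if (host.startsWith("[") && host.endsWith("]")) {
    host = host.slice(1, -1);
    if (isPrivateIPv6(host)) return { allowed: false, reason: "private IPv6 literal" };
  } else if (isPrivateIPv4(host)) {
    return { allowed: false, reason: "private IPv4 literal" };
  } else if (BLOCKED_HOSTNAMES.has(host) || host.endsWith(".localhost")) {
    return { allowed: false, reason: "blocked hostname" };
  }
  return { allowed: true, reason: "ok" };
}
```

The verdict carries a reason string so the tool can log why a fetch was refused, which is the signal the analysis recommends monitoring for. A hostname check alone is not sufficient: the address the server actually connects to should be validated again after DNS resolution, and the network-level egress rules the analysis describes remain the backstop when the application check is bypassed.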

Responsible: VulDB
Disclosure: 06/03/2026
Moderation: accepted
CPE: ready
Exploit: available
EPSS: 0.00043
KEV: no
Activities: low
