CVE-2026-7221 in CloudBase-MCPinfo

Zusammenfassung

von MITRE • 28.04.2026

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 2.17.1 is able to address this issue. The patch is identified as 3f678a1e7bd400cd76469d61024097d4920dc6b5. It is recommended to upgrade the affected component.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulDB

Veröffentlichung

28.04.2026

Moderieren

akzeptiert

Eintrag

VDB-359821

CPE

bereit

CWE

CWE-918 (bestätigt)

Exploit

Download

CVSS

7.3 (VulDB)

EPSS

0.00063

KEV

nein

Aktivitäten

very low

Sektor

Chemical, Lawfirm, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7221
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7221
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7221/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!