CVE-2026-7729 in directus-mcpinformación

Resumen

por MITRE • 2026-05-04

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

VulDB

Divulgación

2026-05-04

Moderación

aceptado

Artículo

VDB-360904

CPE

listo

CWE

CWE-918 (confirmado)

Explotación

Descargar

CVSS

6.3 (VulDB)

EPSS

0.00048

KEV

Actividades

muy bajo

Sector

Lawfirm, Government, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7729
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7729
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7729/

◂ Anterior Visión De Conjunto Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!