| शीर्षक | horizon921 mcpilot 0.1.0 Server-Side Request Forgery |
|---|
| विवरण | A critical Server-Side Request Forgery (SSRF) vulnerability was discovered in mcpilot 0.1.0. The issue exists in the Next.js API route /api/mcp/call within client/src/app/api/mcp/call/route.ts. The backend accepts a user-provided serverBaseUrl and performs multiple outbound fetch requests (GET and POST) to this URL to detect and call MCP tools. Since there are no restrictions on the scheme, hostname, or IP address, a remote attacker can manipulate the serverBaseUrl to force the server to interact with sensitive internal services, local loopback interfaces (localhost), or cloud metadata endpoints. This can lead to unauthorized access to internal resources and the potential modification of internal service states via POST requests. |
|---|
| स्रोत | ⚠️ https://github.com/horizon921/mcpilot/issues/1 |
|---|
| उपयोगकर्ता | ccccccctfi (UID 97498) |
|---|
| सबमिशन | 11/05/2026 10:51 AM (24 दिन पहले) |
|---|
| संयम | 31/05/2026 06:16 PM (20 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367573 [horizon921 mcpilot 0.1.0 MCP API Call Endpoint route.ts serverBaseUrl अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|