CVE-2026-46341 in MCP Server정보

요약

\~에 의해 MITRE • 2026. 07. 16.

The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool in src/tools/common/fetch_apify_docs.ts validates allowlisted documentation domains with String.startsWith() rather than URL hostname comparison, allowing attacker-controlled URLs such as `https://docs.apify.com.evil.com/` and `https://[email protected]/` to pass the ALLOWED_DOC_DOMAINS check and return arbitrary fetched content to the LLM. This issue is fixed in version 0.9.21.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

책임이 있는

GitHub M

예약하다

2026. 05. 13.

모더레이션

수락

항목

VDB-379595

EPSS

0.00000

활동

낮음

출처

Interested in the pricing of exploits?

See the underground prices here!