| Название | horizon921 mcpilot 0.1.0 Server-Side Request Forgery |
|---|
| Описание | A critical Server-Side Request Forgery (SSRF) vulnerability was discovered in mcpilot 0.1.0. The issue exists in the Next.js API route /api/mcp/call within client/src/app/api/mcp/call/route.ts. The backend accepts a user-provided serverBaseUrl and performs multiple outbound fetch requests (GET and POST) to this URL to detect and call MCP tools. Since there are no restrictions on the scheme, hostname, or IP address, a remote attacker can manipulate the serverBaseUrl to force the server to interact with sensitive internal services, local loopback interfaces (localhost), or cloud metadata endpoints. This can lead to unauthorized access to internal resources and the potential modification of internal service states via POST requests. |
|---|
| Источник | ⚠️ https://github.com/horizon921/mcpilot/issues/1 |
|---|
| Пользователь | ccccccctfi (UID 97498) |
|---|
| Представление | 11.05.2026 10:51 (25 дни назад) |
|---|
| Модерация | 31.05.2026 18:16 (20 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 367573 [horizon921 mcpilot 0.1.0 MCP API Call Endpoint route.ts serverBaseUrl эскалация привилегий] |
|---|
| Баллы | 20 |
|---|