| Title | mixelpixx google-search-mcp 0.1.0 Server-Side Request Forgery |
|---|
| Description | A server-side request forgery (SSRF) vulnerability has been identified in google-search-mcp, a project developed by mixelpixx. The application implements MCP (Model Context Protocol) tools that accept user-controlled URL parameters and passes them to outbound HTTP request functions without adequate validation. Specifically, in src/services/content-extractor.service.ts, the extractContent function calls axios.get(url) with a URL that can be influenced by an attacker through the MCP tool interface. The application fails to implement a destination allowlist or block dangerous network ranges, allowing an attacker to make arbitrary HTTP requests from the server's network context. This enables probing of internal network resources, access to cloud instance metadata services (such as AWS's x.x.x.x), and interaction with other internal systems not intended to be exposed. The vulnerability exists because user-supplied input is trusted as the destination for outbound HTTP requests without implementing security controls such as scheme validation, host allowlisting, or blocking of loopback and private network addresses. |
|---|
| Source | ⚠️ https://github.com/wing3e/public_exp/issues/21 |
|---|
| User | BigW (UID 96422) |
|---|
| Submission | 03/17/2026 14:41 (18 days ago) |
|---|
| Moderation | 04/03/2026 09:29 (17 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 355074 [mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent URL server-side request forgery] |
|---|
| Points | 20 |
|---|