| Title | TencentCloudBase CloudBase-MCP 2.16.1 Server-Side Request Forgery |
|---|---|
| Description | A server-side request forgery (SSRF) vulnerability (CWE-918) has been identified in the interactive server component of CloudBase MCP, specifically within mcp/src/interactive-server.ts. The HTTP endpoint POST /api/open-url accepts an attacker-controlled url value from the request body and passes it directly to openUrl() and subsequently to open() without validation or allowlisting. The server listens on x.x.x.x by default, making the endpoint reachable beyond loopback in many deployments. An attacker with network access to this endpoint can coerce the affected host into opening arbitrary URLs, enabling outbound requests to attacker-controlled or internal destinations. Version 2.16.1 is confirmed affected, and no fixed version is available at the time of reporting. |
| Source | https://github.com/TencentCloudBase/CloudBase-MCP/issues/509 |
| User | BruceJin (UID 96538) |
| Submission | 04/10/2026 18:01 |
| Moderation | 04/27/2026 17:35 (17 days later) |
| Status | Accepted |
| VulDB entry | 359821 [TencentCloudBase CloudBase-MCP up to 2.17.0 open-url API Endpoint interactive-server.ts openUrl req.body.url server-side request forgery] |
| Points | 20 |