CVE-2026-7221 in CloudBase-MCPthông tin

Tóm tắt

Bởi MITRE • 28/04/2026

A vulnerability was found in TencentCloudBase CloudBase-MCP up to 2.17.0. Affected is the function openUrl of the file mcp/src/interactive-server.ts of the component open-url API Endpoint. The manipulation of the argument req.body.url results in server-side request forgery. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 2.17.1 is able to address this issue. The patch is identified as 3f678a1e7bd400cd76469d61024097d4920dc6b5. It is recommended to upgrade the affected component.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

VulDB

Tiết lộ

28/04/2026

Kiểm duyệt

được chấp nhận

mục

VDB-359821

CPE

sẵn sàng

CWE

CWE-918 (Đã xác nhận)

Khai thác

Tải xuống

CVSS

7.3 (VulDB)

EPSS

0.00063

KEV

không

Các hoạt động

rất thấp

ngành

Hospital, Transportation, ...

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7221
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7221
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7221/

◂ Trước Tổng Quan Tiếp theo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!