9 matches found
CVE-2026-45609
CVE-2026-45609 concerns the mcp-security component of Spring AI, where unvalidated URL fetching enables SSRF prior to version 0.1.9. The vulnerability affects installations with Dynamic Client Registration (DCR) enabled and involves processing untrusted URLs used for OAuth-related discovery and m...
CVE-2026-45609 mcp-security: Unvalidated URL Fetching (SSRF)
mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted...
MCP Security code issue vulnerability
MCP Security is a security tool developed by the Spring AI Community as an open-source project, designed to provide OAuth 2.0 authorization support for the Spring AI's MCP protocol. Versions of MCP Security prior to 0.1.9 contained code-related vulnerabilities. These vulnerabilities stemmed from...
GHSA-QJP4-4JVR-XQG3 Spring AI MCP Security: Unvalidated URL Fetching (SSRF)
Summary The mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to...
NPM: Flowise has an MCP Security Bypass that Enables RCE
NPM: Flowise has an MCP Security Bypass that Enables RCE vulnerability discovered by ? in WordPress Npm flowise-components versions = 3.1.1...
PT-2026-31996
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description PraisonAI's Model Context Protocol MCP integration allows spawning background servers via stdio using user-supplied command strings, such as MCP"npx -y @smithery/cli ...". These commands are...
This Week in Spring - March 31st, 2026
Hi, Spring fans! Welcome to another fun edition of This Week in Spring! I'm writing to you from beautiful Amsterdam ahead of the wonderful Voxxed Days Amsterdam event, and I'm really looking forward to it. If you're there, please come say hello! Also, be aware that I'll be speaking at the Paris J...
A Bootiful Podcast: Daniel Garnier-Moiroux on MCP Security
Hi Spring, AI, Spring AI, security, and Spring Security fans! In this installment I talk to the legendary Daniel Garnier-Moiroux! ai mcp security java...
This Week in Spring - October 7th, 2025
Hi, Spring fans! How're you doing this fantastic October afternoon? I'm on a train returning from Frankfurt, Germany, where I spoke at the Cloud Foundry Day Frankfurt event about how awesome it is to build an application with Spring Boot and Cloud Foundry. Yesterday I was in Antwerp, Belgium, and...