CVE-2025-59155
The HackMD MCP server (hackmd-mcp) is affected by a Server-Side Request Forgery (SSRF) in HTTP transport mode from version 1.4.0 up to 1.5.0. The vulnerability stems from inadequate validation of arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON qu...