Lucene search
+L

11 matches found

snyk
snyk
added 2026/07/01 6:16 p.m.5 views

Server-side Request Forgery (SSRF)

Overview auth-fetch-mcp is a MCP server that lets AI read Notion, Google Docs, Jira & any login-protected page via a real browser Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isPrivateV6 function, which fails to properly detect IPv4-mapped IPv6...

7.4CVSS6AI score
Exploits0References2
patchstack
patchstack
added 2026/05/19 3:47 p.m.11 views

NPM: auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs

NPM: auth-fetch-mcp: SSRF and disk exfiltration via unvalidated authfetch and downloadmedia URLs vulnerability discovered by ? in WordPress Npm auth-fetch-mcp versions = 3.0.0...

5.8AI score
Exploits0References3Affected Software1
euvd
euvd
added 2025/12/10 12:30 a.m.5 views

EUVD-2025-202327

Fetch MCP Server has a Server-Side Request Forgery SSRF vulnerability...

6.5AI score0.00388EPSS
Exploits1References5
osv
osv
added 2025/12/10 12:30 a.m.3 views

GHSA-8FXJ-2G9Q-8FJW Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...

6.3CVSS6.9AI score0.00388EPSS
Exploits1References5
github
github
added 2025/12/10 12:30 a.m.12 views

Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...

7.5CVSS7AI score0.00388EPSS
Exploits1References5Affected Software1
nvd
nvd
added 2025/12/09 10:16 p.m.16 views

CVE-2025-65513

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...

7.5CVSS0.00388EPSS
Exploits1References2
osv
osv
added 2025/12/09 10:16 p.m.4 views

CVE-2025-65513

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...

7.5CVSS5.8AI score0.00388EPSS
Exploits1References2
cvelist
cvelist
added 2025/12/09 12:0 a.m.30 views

CVE-2025-65513

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...

0.00388EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2025/12/09 12:0 a.m.1 views

CVE-2025-65513

fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...

6.5AI score0.00388EPSS
Exploits1References2
cve
cve
added 2025/12/09 12:0 a.m.25 views

CVE-2025-65513

CVE-2025-65513 affects fetch-mcp v1.0.2 and earlier. The vulnerability is Server-Side Request Forgery (SSRF) that allows bypassing private IP validation to reach internal network resources. Reported root cause involves the is_ip_private logic in fetch-mcp server code (notably in the MCP fetch-ser...

7.5CVSS6.5AI score0.00388EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2025/12/09 12:0 a.m.10 views

PT-2025-50273

Name of the Vulnerable Software and Affected Versions fetch-mcp versions 1.0.2 and earlier Description The software is susceptible to a Server-Side Request Forgery SSRF issue. This allows attackers to circumvent private IP validation and gain access to internal network resources. Recommendations...

7.5CVSS6.6AI score0.00388EPSS
Exploits1References4
Rows per page
Query Builder