11 matches found
Server-side Request Forgery (SSRF)
Overview auth-fetch-mcp is a MCP server that lets AI read Notion, Google Docs, Jira & any login-protected page via a real browser Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isPrivateV6 function, which fails to properly detect IPv4-mapped IPv6...
NPM: auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs
NPM: auth-fetch-mcp: SSRF and disk exfiltration via unvalidated authfetch and downloadmedia URLs vulnerability discovered by ? in WordPress Npm auth-fetch-mcp versions = 3.0.0...
EUVD-2025-202327
Fetch MCP Server has a Server-Side Request Forgery SSRF vulnerability...
GHSA-8FXJ-2G9Q-8FJW Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...
Fetch MCP Server has a Server-Side Request Forgery (SSRF) vulnerability
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...
CVE-2025-65513
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...
CVE-2025-65513
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...
CVE-2025-65513
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...
CVE-2025-65513
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery SSRF vulnerability, which allows attackers to bypass private IP validation and access internal network resources...
CVE-2025-65513
CVE-2025-65513 affects fetch-mcp v1.0.2 and earlier. The vulnerability is Server-Side Request Forgery (SSRF) that allows bypassing private IP validation to reach internal network resources. Reported root cause involves the is_ip_private logic in fetch-mcp server code (notably in the MCP fetch-ser...
PT-2025-50273
Name of the Vulnerable Software and Affected Versions fetch-mcp versions 1.0.2 and earlier Description The software is susceptible to a Server-Side Request Forgery SSRF issue. This allows attackers to circumvent private IP validation and gain access to internal network resources. Recommendations...