8 matches found
Anthropic / Microsoft MCP Server-Side Request Forgery
Both Anthropic mcp-server-fetch and Microsoft playwright-mcp suffer from server-side request forgery vulnerabilities by accepting arbitrary URLs passed by the AI agent/client without any allowlist enforcement, IP range blocking, or internal network filtering...
MAL-2026-4701 Malicious code in venturo-playwright-runner (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e63f5fe21c0fe70b9b120a217b3d1b14e765c47de231eb03d0d763c471fbd4e The package republishes Microsoft's @playwright/test under the unrelated name venturo-playwright-runner and falsifies its identity to claim Microsoft...
Malicious code in venturo-playwright-runner (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e63f5fe21c0fe70b9b120a217b3d1b14e765c47de231eb03d0d763c471fbd4e The package republishes Microsoft's @playwright/test under the unrelated name venturo-playwright-runner and falsifies its identity to claim Microsoft...
GHSA-6FG3-HVW7-2FWQ Microsoft Playwright MCP Server vulnerable to DNS Rebinding Attack; Allows Attackers Access to All Server Tools
Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended...
CVE-2025-9611
Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended...
EUVD-2026-1179
Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended...
Microsoft Playwright 安全漏洞
Microsoft Playwright is an automation framework from Microsoft Corporation USA. A security vulnerability exists in Microsoft Playwright MCP Server versions prior to 0.0.40 that stems from an unvalidated Origin header and could lead to DNS rebinding attacks and unauthorized requests...
Microsoft Playwright 数据伪造问题漏洞
Microsoft Playwright is an automation framework from Microsoft Corporation USA. Microsoft Playwright suffers from a Data Forgery Issue vulnerability, which can be exploited by an attacker to perform spoofing attacks...