{"data":{"id":"2dbcd101-7745-4b50-bd88-3fdd9888cf0d","title":"GHSA-hv85-774v-26fg: auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs","summary":"The `download_media` and `auth_fetch` tools in auth-fetch-mcp accept any URL without validation, allowing an attacker (via prompt injection or a malicious MCP client) to make the server fetch from private or internal services like cloud metadata endpoints or localhost, and then exfiltrate the response data. The `download_media` tool makes this worse by saving fetched content to disk where it can be read and stolen.","solution":"The source text describes the fix shape but does not provide an explicit implementation or version update: 'after URL parsing, resolve to IP, reject if private/loopback/link-local. Same defense as the well-known SSRF-guard pattern shipped by other MCP fetchers in the ecosystem (e.g., `Akitaroh/scraper-mcp` `src/security/url-guard.ts`).' However, no patched version, release number, or completed code fix is provided in the source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-hv85-774v-26fg","publishedAt":"2026-05-19T15:47:27.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["prompt_injection","rag_poisoning"],"issueType":"vulnerability","affectedPackages":["auth-fetch-mcp@<= 3.0.0 (fixed: 3.0.1)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["auth-fetch-mcp","ymw0407/auth-fetch-mcp","MCP (Model Context Protocol)"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-05-19T15:47:27.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"plugin","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}