{"data":{"id":"421301c3-cce6-43b4-81fb-1c64ad459f41","title":"GHSA-xcqx-9jf5-w339: SearXNG MCP Server: Unbounded Response Body Read Bypasses URL Size Limit in `web_url_read`","summary":"The SearXNG MCP Server's `web_url_read` tool has a vulnerability where it enforces a 5 MiB (mebibyte) response size limit only by checking the `Content-Length` header in an initial HEAD request. When a server doesn't include this header, the size check fails and the tool loads the entire response into memory without any limit, allowing an attacker to force the server to consume unlimited memory and CPU, causing a denial of service (DoS, a situation where a system becomes unavailable).","solution":"Replace both `response.text()` calls with a streaming reader that aborts once the byte counter exceeds `maxContentLengthBytes`. The source text does not provide the specific code implementation.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-xcqx-9jf5-w339","publishedAt":"2026-06-19T21:42:43.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":["mcp-searxng@< 1.7.1 (fixed: 1.7.1)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["mcp-searxng","Model Context Protocol"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-06-19T21:42:43.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}