{"data":{"id":"45961246-b9dd-4e60-8570-1e8d09d2f907","title":"GHSA-jwp7-wg77-3w9v: Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching","summary":"A domain allowlist (list of approved websites) in the Apify Model Context Protocol server is bypassed because it uses simple string prefix matching instead of proper URL validation. An attacker can create a fake subdomain like `https://docs.apify.com.evil.com/` that passes the check, allowing the tool to fetch arbitrary content from attacker-controlled servers and return it to the AI, which can lead to prompt injection (tricking the AI by hiding instructions in fetched content) and potential account compromise.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-jwp7-wg77-3w9v","publishedAt":"2026-05-19T16:34:34.000Z","cveId":"CVE-2026-46341","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection","rag_poisoning"],"issueType":"vulnerability","affectedPackages":["@apify/actors-mcp-server@< 0.9.21 (fixed: 0.9.21)"],"affectedVendors":[],"affectedVendorsRaw":["Apify"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-19T16:34:34.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}