GHSA-xcqx-9jf5-w339: SearXNG MCP Server: Unbounded Response Body Read Bypasses URL Size Limit in `web_url_read`
Summary
The SearXNG MCP Server's `web_url_read` tool enforces its 5 MiB response-size limit only by checking the `Content-Length` header of an initial HEAD request. When a server omits that header, the check is skipped and the tool reads the entire response body into memory with no bound, so an attacker can force the server to consume unlimited memory and CPU, causing a denial of service (DoS, leaving the service unavailable).
Solution / Mitigation
Replace both `response.text()` calls with a streaming reader that aborts once the byte counter exceeds `maxContentLengthBytes`.
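One way to implement that streaming reader, as an added example that is not the SearXNG MCP Server's own code: it honours a declared `Content-Length` as a fast pre-check, then counts bytes as chunks arrive and cancels the stream the moment the total passes the limit. The names `readBodyBounded`, `contentLengthExceeds`, `chunkedResponse` and the 5 MiB `maxContentLengthBytes` value are assumptions for illustration; the constructed sample body has no `Content-Length` header, which is exactly the case the HEAD-only check misses.

```javascript
// Added example, not the SearXNG MCP Server's own code: a bounded streaming
// reader to stand in for `response.text()`. readBodyBounded and the
// 5 MiB maxContentLengthBytes value are assumptions that mirror the advisory.
const maxContentLengthBytes = 5 * 1024 * 1024;
const tooLarge = (limit, seen) =>
  Object.assign(new Error(`body exceeded ${limit} bytes (${seen} read)`), { code: "BODY_TOO_LARGE" });

// Fast pre-check: a declared Content-Length above the limit is rejected before
// any body byte is read. A missing header means "unknown", never "small".
function contentLengthExceeds(response, maxBytes) {
  const header = response.headers.get("content-length");
  return header !== null && Number(header) > maxBytes;
}

// Streams the body, counting bytes as they arrive. Once the running total
// passes maxBytes the stream is cancelled, so the rest is never buffered.
async function readBodyBounded(response, maxBytes = maxContentLengthBytes) {
  if (contentLengthExceeds(response, maxBytes)) throw tooLarge(maxBytes, 0);
  if (!response.body) return ""; // e.g. an empty or HEAD response
  const reader = response.body.getReader();
  const parts = [];
  let total = 0;
  try {
    for (;;) {
      const { done, value } = await reader.read();
      if (done) break;
      total += value.byteLength;
      if (total > maxBytes) {
        await reader.cancel("response body exceeds size limit");
        throw tooLarge(maxBytes, total);
      }
      parts.push(value);
    }
  } finally {
    reader.releaseLock();
  }
  return new Blob(parts).text(); // decode only a body known to be within bounds
}

// Constructed sample: a chunked body with no Content-Length header, the case
// the HEAD-only check misses.
function chunkedResponse(chunks) {
  const enc = new TextEncoder();
  return new Response(new ReadableStream({
    start(ctl) { chunks.forEach((c) => ctl.enqueue(enc.encode(c))); ctl.close(); },
  }));
}
```

Requires Node 18 or later for the global `Response`, `ReadableStream` and `Blob`.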
Original source: https://github.com/advisories/GHSA-xcqx-9jf5-w339
First tracked: June 19, 2026 at 08:01 PM