Skip to main content

mcpilot CVE-2026-10280

| EUVD-2026-33738 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-06-01 VulDB GHSA-6w53-8mcc-fqqh
SSRF Mcpilot
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 01, 2026 - 19:25 vuln.today
Severity Changed
Jun 01, 2026 - 19:22 NVD
HIGH MEDIUM
CVSS changed
Jun 01, 2026 - 19:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)

DescriptionCVE.org

A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. The manipulation of the argument serverBaseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Server-side request forgery in horizon921 mcpilot 0.1.0 allows unauthenticated remote attackers to force the server to issue arbitrary HTTP requests by supplying a malicious value to the serverBaseUrl parameter in the MCP API Call Endpoint (client/src/app/api/mcp/call/route.ts). The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms the attack requires no authentication and no user interaction, making it trivially reachable from the network. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed mcpilot /api/mcp/call endpoint
Delivery
Send unauthenticated HTTP request with malicious serverBaseUrl
Exploit
Server issues forged outbound request to attacker-controlled target
Execution
Retrieve response containing internal service data or credentials
Impact
Leverage harvested credentials for further access
Sign in to reveal

Vulnerability AssessmentAI

Exploitation No special conditions are required for exploitation. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 5.5 reflects partial impact across confidentiality, integrity, and availability (VC:L/VI:L/VA:L) with no scope change to secondary systems (SC:N/SI:N/SA:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker sends a crafted HTTP POST request to the publicly accessible `/api/mcp/call` endpoint, supplying `serverBaseUrl` set to an internal target such as `http://169.254.169.254/latest/meta-data/iam/security-credentials/` (AWS IMDSv1). The mcpilot server issues the forged request on the attacker's behalf and returns the response, potentially exposing cloud IAM credentials or internal service data. …
Remediation No vendor-released patch has been identified at time of analysis; the vendor has not responded to the disclosure filed via GitHub issue (https://github.com/horizon921/mcpilot/issues/1). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10280 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy