Is there a public PoC exploit available for CVE-2026-5323?

Yes, a public proof-of-concept exploit is available for CVE-2026-5323. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2026-5323?

Yes, a patch is available for CVE-2026-5323. Update the affected software to the latest version immediately.

A11Y Mcp CVE-2026-5323

Q: What is the CVSS score of CVE-2026-5323?

CVE-2026-5323 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-18130 LOW

Server-Side Request Forgery (SSRF) (CWE-918)

2026-04-02 VulDB

SSRF A11Y Mcp

1.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.9 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

4.8 (MEDIUM) 1.9 (LOW)

PoC Detected

Apr 03, 2026 - 16:10 vuln.today

Public exploit code

EUVD ID Assigned

Apr 02, 2026 - 06:45 euvd

EUVD-2026-18130

Analysis Generated

Apr 02, 2026 - 06:45 vuln.today

Patch released

Apr 02, 2026 - 06:45 nvd

Patch available

CVE Published

Apr 02, 2026 - 06:15 nvd

MEDIUM 4.8

DescriptionCVE.org

A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. Upgrading to version 1.0.6 is able to resolve this issue. The patch is identified as e3e11c9e8482bd06b82fd9fced67be4856f0dffc. It is recommended to upgrade the affected component. The vendor acknowledged the issue but provides additional context for the CVSS rating: "a11y-mcp is a local stdio MCP server - it has no HTTP endpoint and is not network-accessible. The caller is always the local user or an LLM acting on their behalf with user approval."

AnalysisAI

Server-side request forgery (SSRF) in priyankark a11y-mcp up to version 1.0.5 allows local authenticated attackers to perform arbitrary outbound requests via the A11yServer function in src/index.js, potentially enabling access to internal services or exfiltration of sensitive data. The vulnerability requires local access and user approval (as the tool operates as a local stdio MCP server with no network exposure), and publicly available exploit code exists. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS v3.1 score of 5.3 reflects a Medium-severity vulnerability with Attack Vector Local (AV:L), low Attack Complexity (AC:L), and requirement for Low Privilege (PR:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with local access (or a maliciously-crafted LLM prompt executed within the user's approved a11y-mcp environment) could craft a specially-formed input to the A11yServer function that triggers an SSRF condition. For example, the attacker might provide a URL parameter that causes the server to fetch content from an internal service running on localhost or a private network address, potentially accessing sensitive data or triggering unintended actions on internal systems. …
Remediation	Upgrade a11y-mcp to version 1.0.6 or later, which incorporates the fix identified by commit e3e11c9e8482bd06b82fd9fced67be4856f0dffc. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5323 vulnerability details – vuln.today

Back