Severity by source
CVSS vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD, the only source for this CVE.
Description (CVE.org)
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to server-side request forgery. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI-generated)
Server-side request forgery (SSRF) in imprvhub mcp-browser-agent through version 0.8.0 allows authenticated remote attackers to manipulate URL parameters in the CallToolRequestSchema handler, enabling them to forge requests to arbitrary servers. Publicly available exploit code exists, and the vendor has not responded to early disclosure attempts, creating unmitigated exposure for users of affected versions.
Vulnerability Assessment (AI-generated)
| Section | Assessment |
|---|---|
| Risk Assessment | The CVSS 6.3 score (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) indicates moderate severity: exploitation requires authenticated access but results in confidentiality, integrity, and availability impact. … |
| Exploit Scenario | An authenticated user (e.g., a legitimate application user or internal operator with mcp-browser-agent access) crafts a request with malicious URL parameters in the request.params.name or request.params.arguments fields. The vulnerable CallToolRequestSchema handler fails to validate these inputs and constructs an outbound HTTP request using the attacker-controlled parameters, causing the server to make a request to an internal service (e.g., a database admin panel, internal API, or cloud metadata service) that is normally inaccessible from the internet. … |
| Remediation | Immediate actions: (1) review whether mcp-browser-agent is in active use in your environment, as the vendor has not provided a patched release; (2) if use is critical, implement network-level controls restricting outbound requests from the mcp-browser-agent process to only approved internal and external destinations via firewall rules or egress filtering; (3) apply strict input validation and allowlisting on all URL parameters passed to CallToolRequestSchema, rejecting any requests that deviate from expected patterns; (4) disable or restrict access to mcp-browser-agent to trusted users only, enforcing strong authentication and audit logging. … |
EUVD identifier: EUVD-2026-19144