Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteer_navigate. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Server-side request forgery in ShadowCloneLabs GlutamateMCPServers allows remote unauthenticated attackers to manipulate the 'url' parameter in the puppeteer_navigate component (src/puppeteer/index.ts), potentially accessing internal resources or conducting network reconnaissance. A publicly available proof-of-concept exploit exists (GitHub). EPSS data not available, but CVSS 7.3 (High) with network vector, low complexity, and no authentication requirements indicates significant accessibility. The vendor has not responded to early disclosure via GitHub issue #8, and no patch timeline exists due to the project's rolling release model.
Technical ContextAI
This vulnerability affects the Puppeteer integration within GlutamateMCPServers, specifically the puppeteer_navigate functionality in src/puppeteer/index.ts. CWE-918 (Server-Side Request Forgery) occurs when applications accept user-controlled URLs without proper validation, allowing attackers to coerce the server into making requests to arbitrary destinations. In this case, the 'url' parameter lacks sufficient input sanitization, enabling attackers to force the server-side Puppeteer browser automation to navigate to attacker-specified URLs. This can include internal network resources (localhost, RFC1918 addresses), cloud metadata endpoints (169.254.169.254), or external domains for data exfiltration. The affected component is part of an MCP (Model Context Protocol) server implementation using Node.js and Puppeteer for browser automation tasks.
RemediationAI
No vendor-released patch exists at the time of analysis-the project maintainers have not responded to the responsible disclosure filed as GitHub issue #8. Given the vendor's non-responsiveness and rolling release model, organizations should implement immediate compensating controls. Deploy strict input validation on the 'url' parameter in src/puppeteer/index.ts by implementing an allowlist of permitted domains/protocols and rejecting private IP ranges (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), localhost, and metadata endpoints (169.254.169.254). Add URL scheme restrictions to permit only http/https protocols. Consider applying network-level controls by restricting outbound connections from the GlutamateMCPServers process to only necessary external domains using firewall rules or container network policies, though this may break legitimate functionality requiring arbitrary URL navigation. If Puppeteer navigation to user-supplied URLs is not essential to your use case, disable or remove the puppeteer_navigate feature entirely. For organizations with development resources, fork the repository and apply custom patches with URL validation logic, monitoring upstream for eventual official fixes. Track GitHub issue #8 and the repository commit history for potential future remediation.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25783