Which versions of GlutamateMCPServers are affected by CVE-2026-7094?

CVE-2026-7094 is a server-side request forgery vulnerability in ShadowCloneLabs GlutamateMCPServers that permits unauthenticated remote attackers to access internal resources and conduct network…

Is there a public PoC exploit available for CVE-2026-7094?

Yes, a public proof-of-concept exploit is available for CVE-2026-7094. Prioritise patching immediately. EPSS: 0.0%.

GlutamateMCPServers CVE-2026-7094

Q: What is the CVSS score of CVE-2026-7094?

CVE-2026-7094 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25783 MEDIUM

Server-Side Request Forgery (SSRF) (CWE-918)

2026-04-27 VulDB

SSRF

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

May 01, 2026 - 20:30 vuln.today

Public exploit code

CVSS changed

Apr 29, 2026 - 01:12 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

Severity Changed

Apr 27, 2026 - 07:22 NVD

HIGH MEDIUM

CVSS changed

Apr 27, 2026 - 07:22 NVD

7.3 (HIGH) 6.9 (MEDIUM)

Analysis Generated

Apr 27, 2026 - 06:46 vuln.today

EUVD ID Assigned

Apr 27, 2026 - 06:30 euvd

EUVD-2026-25783

Analysis Generated

Apr 27, 2026 - 06:30 vuln.today

CVE Published

Apr 27, 2026 - 06:15 nvd

MEDIUM 5.5

DescriptionNVD

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteer_navigate. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Server-side request forgery in ShadowCloneLabs GlutamateMCPServers allows remote unauthenticated attackers to manipulate the 'url' parameter in the puppeteer_navigate component (src/puppeteer/index.ts), potentially accessing internal resources or conducting network reconnaissance. A publicly available proof-of-concept exploit exists (GitHub). …

RemediationAI

Within 24 hours: Identify all instances of GlutamateMCPServers in production and development environments; disable or restrict network access to the puppeteer_navigate endpoint. Within 7 days: Implement network-level controls (WAF rules, reverse proxy whitelisting) to block requests with suspicious 'url' parameters; conduct internal network scan to identify lateral movement risk. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7094 vulnerability details – vuln.today

Back

GlutamateMCPServers CVE-2026-7094

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

GlutamateMCPServers CVE-2026-7094

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code