A11Y Mcp

1 CVEs product

CVE-2026-5323 npm LOW POC PATCH Monitor

Server-side request forgery (SSRF) in priyankark a11y-mcp up to version 1.0.5 allows local authenticated attackers to perform arbitrary outbound requests via the A11yServer function in src/index.js, potentially enabling access to internal services or exfiltration of sensitive data. The vulnerability requires local access and user approval (as the tool operates as a local stdio MCP server with no network exposure), and publicly available exploit code exists. Vendor has released patched version 1.0.6 with commit e3e11c9e8482bd06b82fd9fced67be4856f0dffc.

SSRF A11Y Mcp
NVD VulDB GitHub
CVSS 4.0: 1.9
EPSS: 0.0%