Aerostack Mcp
Monthly
Server-side request forgery in aerostackdev aerostack-mcp's mcp-whatsapp component allows authenticated remote attackers to manipulate the `media_url` argument of the `upload_media` function, causing the server to issue arbitrary outbound HTTP requests on the attacker's behalf. Affected installations span all commits up to 6315dfde7df0a15aaf743f88d91347115e09ba23 with no vendor patch available and no maintainer response to the disclosure. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.
Server-side request forgery in aerostackdev aerostack-mcp's mcp-whatsapp component allows authenticated remote attackers to manipulate the `media_url` argument of the `upload_media` function, causing the server to issue arbitrary outbound HTTP requests on the attacker's behalf. Affected installations span all commits up to 6315dfde7df0a15aaf743f88d91347115e09ba23 with no vendor patch available and no maintainer response to the disclosure. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.