Skip to main content

Aerostack Mcp

1 CVEs product

Monthly

CVE-2026-15189 MEDIUM This Month

Server-side request forgery in aerostackdev aerostack-mcp's mcp-whatsapp component allows authenticated remote attackers to manipulate the `media_url` argument of the `upload_media` function, causing the server to issue arbitrary outbound HTTP requests on the attacker's behalf. Affected installations span all commits up to 6315dfde7df0a15aaf743f88d91347115e09ba23 with no vendor patch available and no maintainer response to the disclosure. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

SSRF Aerostack Mcp
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM This Month

Server-side request forgery in aerostackdev aerostack-mcp's mcp-whatsapp component allows authenticated remote attackers to manipulate the `media_url` argument of the `upload_media` function, causing the server to issue arbitrary outbound HTTP requests on the attacker's behalf. Affected installations span all commits up to 6315dfde7df0a15aaf743f88d91347115e09ba23 with no vendor patch available and no maintainer response to the disclosure. No public exploit has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

SSRF Aerostack Mcp
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy