Skip to main content

Awesome Mcp Server

1 CVEs product

Monthly

CVE-2026-14748 LOW POC Monitor

Server-side request forgery in the mcp-wiki/wiki-summary component of AIAnytime Awesome-MCP-Server (up to commit a884bb51) allows a remote, low-privileged attacker to manipulate the `url` argument in `mcp-wiki/src/mcp_wiki/server.py`, causing the server to issue arbitrary HTTP requests to internal or external resources on the attacker's behalf. Successful exploitation can expose internal services, cloud metadata endpoints, or other backend infrastructure inaccessible from the public internet. A publicly available exploit exists (POC confirmed via GitHub issue #35); this CVE is not currently listed in CISA KEV. The CVSS 4.0 score of 5.3 reflects a moderate severity with low-privilege authentication required and partial confidentiality, integrity, and availability impact.

SSRF Awesome Mcp Server
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.2%
EPSS 0% CVSS 2.1
LOW POC Monitor

Server-side request forgery in the mcp-wiki/wiki-summary component of AIAnytime Awesome-MCP-Server (up to commit a884bb51) allows a remote, low-privileged attacker to manipulate the `url` argument in `mcp-wiki/src/mcp_wiki/server.py`, causing the server to issue arbitrary HTTP requests to internal or external resources on the attacker's behalf. Successful exploitation can expose internal services, cloud metadata endpoints, or other backend infrastructure inaccessible from the public internet. A publicly available exploit exists (POC confirmed via GitHub issue #35); this CVE is not currently listed in CISA KEV. The CVSS 4.0 score of 5.3 reflects a moderate severity with low-privilege authentication required and partial confidentiality, integrity, and availability impact.

SSRF Awesome Mcp Server
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy