Blender Mcp
Monthly
Server-side request forgery in blender-mcp's ZIP File Handler allows authenticated remote attackers to manipulate the zip_file_url parameter in import_generated_asset_hunyuan, causing the MCP server to issue arbitrary outbound HTTP requests on behalf of the attacker - including to internal network resources such as cloud metadata endpoints. All rolling-release commits up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b are affected, per CPE cpe:2.3:a:ahujasid:blender-mcp:*:*:*:*:*:*:*:*. A publicly available exploit exists via GitHub issue #203 (E:P confirmed in CVSS temporal vector), though no CISA KEV listing exists at time of analysis.
Server-Side Request Forgery and arbitrary file read in ahujasid/blender-mcp allows authenticated remote attackers to exfiltrate local filesystem content or pivot to internal network services via unsanitized manipulation of the input_image_url parameter in the generate_hunyuan3d_model function (src/blender_mcp/server.py). The parameter is passed without validation directly to both open() for local file reads and requests.get() for remote fetches, enabling path traversal and SSRF primitives simultaneously. A publicly available exploit exists (GitHub issue #202); no CISA KEV listing at time of analysis. The fix has been merged upstream (PR #205, commit 5b37be25).
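Both entries describe the same root cause: a caller-controlled URL string reaches `open()` or `requests.get()` unchecked. The validator below is an added mitigation example, not code from ahujasid/blender-mcp or PR #205; it assumes a hypothetical `validate_asset_url()` gate placed in front of the fetch, rejects non-HTTP schemes and bare paths (the `open()` path-traversal primitive) and refuses every resolved address that is loopback, private, link-local (which covers 169.254.169.254-style metadata endpoints), multicast or reserved. The `resolve` parameter is injectable so the check can be exercised without DNS.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example (hypothetical gate, not blender-mcp's own code).
ALLOWED_SCHEMES = {"http", "https"}


class UnsafeUrl(ValueError):
    """Raised when a user-supplied URL must not be fetched server-side."""


def _is_forbidden_ip(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged as IPv4.
    if getattr(ip, "ipv4_mapped", None) is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def _resolve(host: str) -> set:
    # Default resolver: every address the name currently maps to.
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_asset_url(url: str, resolve=_resolve) -> str:
    """Return url unchanged if it is safe to fetch, else raise UnsafeUrl."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        # Rejects file://, data:, and bare paths such as /etc/passwd.
        raise UnsafeUrl(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise UnsafeUrl("missing host")
    if parts.username or parts.password:
        raise UnsafeUrl("credentials embedded in URL")
    try:  # literal IP: no DNS needed
        addrs = {str(ipaddress.ip_address(parts.hostname))}
    except ValueError:
        addrs = resolve(parts.hostname)
    if not addrs:
        raise UnsafeUrl("host does not resolve")
    # Every address must be public; one internal answer is enough to refuse.
    for addr in addrs:
        if _is_forbidden_ip(addr):
            raise UnsafeUrl(f"{parts.hostname} resolves to internal {addr}")
    # Caller should still disable redirects (or re-validate each hop) and
    # connect to the validated address to close the DNS-rebinding window.
    return url


def is_safe_asset_url(url: str, resolve=_resolve) -> bool:
    try:
        validate_asset_url(url, resolve=resolve)
        return True
    except UnsafeUrl:
        return False
```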