Glutamatemcpservers
Monthly
Server-side request forgery in ShadowCloneLabs GlutamateMCPServers allows remote unauthenticated attackers to manipulate the 'url' parameter in the puppeteer_navigate component (src/puppeteer/index.ts), potentially accessing internal resources or conducting network reconnaissance. A publicly available proof-of-concept exploit exists (GitHub). EPSS data not available, but CVSS 7.3 (High) with network vector, low complexity, and no authentication requirements indicates significant accessibility. The vendor has not responded to early disclosure via GitHub issue #8, and no patch timeline exists due to the project's rolling release model.
Server-side request forgery in ShadowCloneLabs GlutamateMCPServers allows remote unauthenticated attackers to manipulate the 'url' parameter in the puppeteer_navigate component (src/puppeteer/index.ts), potentially accessing internal resources or conducting network reconnaissance. A publicly available proof-of-concept exploit exists (GitHub). EPSS data not available, but CVSS 7.3 (High) with network vector, low complexity, and no authentication requirements indicates significant accessibility. The vendor has not responded to early disclosure via GitHub issue #8, and no patch timeline exists due to the project's rolling release model.