top of page
perceptive_background_267k.jpg

A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of…

Published:

31 mei 2026 om 22:00:00

Alert date:

1 juni 2026 om 20:04:42

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

A server-side request forgery (SSRF) vulnerability has been discovered in horizon921 mcpilot version 0.1.0. The flaw exists in an unknown function of the file client/src/app/api/mcp/call/route.ts within the MCP API Call Endpoint component. The vulnerability can be exploited remotely by manipulating the serverBaseUrl argument. A public exploit has been released and may be used for attacks. The project maintainers have been notified through an issue report but have not yet responded to the vulnerability disclosure.

Technical details

Mitigation steps:

Affected products:

horizon921 mcpilot

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-10280
https://github.com/horizon921/mcpilot/
https://github.com/horizon921/mcpilot/issues/1
https://vuldb.com/cve/CVE-2026-10280
https://vuldb.com/submit/825426
https://vuldb.com/vuln/367573
https://vuldb.com/vuln/367573/cti

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page