


Perceptive Security
SOC/SIEM Consultancy

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function _validate…
Published:
26 April 2026 at 22:00:00
Alert date:
27 April 2026 at 22:02:51
Source:
nvd.nist.gov
Web Technologies, Supply Chain & Dependencies
A server-side request forgery (SSRF) vulnerability has been discovered in dmitryglhf mcp-url-downloader up to commit 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. The vulnerability affects the _validate_url_safe function in src/mcp_url_downloader/server.py, where manipulation of the url argument leads to SSRF. The attack can be executed remotely, and the exploit has been publicly disclosed. The project uses rolling releases, so version tracking is unavailable. The maintainer was notified through an issue report but has not yet responded.
Technical details
Mitigation steps:
Affected products:
mcp-url-downloader
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-7158
https://github.com/dmitryglhf/url-download-mcp/issues/2
https://vuldb.com/submit/802062
https://vuldb.com/vuln/359757
https://vuldb.com/vuln/359757/cti
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
