CVE-2026-5607: SSRF in mcp-browser-agent < 0.8.0
Plattform
nodejs
Komponente
mcp-browser-agent
CVE-2026-5607 is a server-side request forgery (SSRF) vulnerability affecting the imprvhub mcp-browser-agent component. Exploitation involves manipulating URL parameters within the CallToolRequestSchema handler, potentially allowing attackers to initiate requests on behalf of the server. This vulnerability impacts versions 0.1.0 through 0.8.0 of the component and poses a risk of unauthorized access and data exposure. As of the publication date, no official patch has been released.
So beheben
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Häufig gestellte Fragen
What is CVE-2026-5607?
CVE-2026-5607 is a server-side request forgery (SSRF) vulnerability found in the imprvhub mcp-browser-agent component. It allows attackers to manipulate URL parameters to make requests to internal resources or external systems as if they were originating from the server.
Am I affected by CVE-2026-5607?
You are potentially affected if you are using imprvhub mcp-browser-agent versions 0.1.0 through 0.8.0. The vulnerability resides in the URL Parameter Handler and can be exploited remotely.
How can I fix or mitigate CVE-2026-5607?
Currently, no official patch is available for CVE-2026-5607. Mitigation strategies may include input validation and sanitization of URL parameters to prevent malicious requests. Consider upgrading to a future version if a patch is released.
Abhängigkeiten automatisch überwachen
Werde benachrichtigt, wenn neue Schwachstellen deine Projekte betreffen. Für immer kostenlos.
Kostenlos starten