Platform: nodejs
Component: mcp-from-openapi
Fixed in: 1.0.5, 1.0.5, 1.0.5, 2.3.1, 2.3.0
CVE-2026-39885 describes a Server-Side Request Forgery (SSRF) vulnerability within the mcp-from-openapi Node.js library. This flaw arises from the library's use of @apidevtools/json-schema-ref-parser without proper URL restrictions when resolving $ref pointers in OpenAPI specifications. Exploitation allows attackers to trigger requests to internal network addresses, cloud metadata endpoints, or even read local files, potentially leading to sensitive data exposure and system compromise. The vulnerability affects versions 2.1.2 and earlier, with a fix available in version 2.3.0.
An attacker can exploit this SSRF vulnerability by crafting a malicious OpenAPI specification containing $ref values that point to sensitive internal resources. This could include accessing metadata services (e.g., AWS EC2 instance metadata), internal network endpoints, or even reading local files on the server. The attacker essentially leverages the library to make requests on behalf of the application, bypassing normal security controls. The blast radius extends to any application using mcp-from-openapi to process untrusted OpenAPI specifications, potentially exposing sensitive data or enabling further attacks. This vulnerability shares similarities with other SSRF exploits where an application is tricked into making requests to unintended destinations.
CVE-2026-39885 was publicly disclosed on 2026-04-08. The EPSS score is currently pending evaluation. There are no known public proof-of-concept exploits available as of this writing, but the SSRF nature of the vulnerability makes it a likely target for exploitation. Monitor security advisories and threat intelligence feeds for any indications of active campaigns targeting this vulnerability.
Applications built with Node.js that utilize the mcp-from-openapi library to process untrusted OpenAPI specifications are at risk. This includes microservice architectures, API gateways, and any system where OpenAPI specifications are dynamically generated or received from external sources. Shared hosting environments where multiple applications share the same Node.js runtime are particularly vulnerable, as a compromised application could potentially impact others.
• nodejs / supply-chain:
npm list mcp-from-openapi
npm audit
# npm audit takes no package argument; it reports known advisories for every installed dependency, including mcp-from-openapi
• generic web:
curl -I <application_endpoint_processing_openapi_specs>
# Identify the endpoint that accepts OpenAPI specs; evidence of SSRF shows up in the server's outbound (egress) traffic logs, not in this response
EPSS: 0.04% (13th percentile)
The primary mitigation is to upgrade to version 2.3.0 of mcp-from-openapi, which includes the necessary URL restrictions to prevent malicious $ref pointer resolution. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests originating from the mcp-from-openapi library that target internal or potentially malicious URLs. Additionally, carefully validate and sanitize any OpenAPI specifications before processing them with mcp-from-openapi. Restrict the allowed schemas to trusted sources. There are no specific Sigma or YARA patterns available for this vulnerability at this time.
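As an added example (not code from the advisory or the mcp-from-openapi project), the following Node.js check walks an untrusted OpenAPI document before it reaches any $ref resolver and rejects every pointer that is not an in-document fragment or an HTTPS reference to an allow-listed host; the allow-listed hostname, the private-range list and the sample spec are constructed assumptions.

```javascript
// Added example: pre-validate $ref targets in an untrusted OpenAPI document.
// ALLOWED_HOSTS and sampleSpec are constructed values, not from the advisory.
const ALLOWED_HOSTS = new Set(["schemas.example.com"]);
const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// Loopback, link-local (cloud metadata lives at 169.254.169.254), RFC 1918 and
// IPv6 loopback/link-local/ULA hosts must never be dereferenced.
function isInternalHost(host) {
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  const m = IPV4.exec(host);
  if (m) {
    const a = Number(m[1]), b = Number(m[2]);
    return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
  }
  return /^(::1$|fe80:|f[cd][0-9a-f]{2}:)/i.test(host);
}
// Returns null when a $ref may be resolved, otherwise the reason it may not.
function refViolation(ref, baseUrl) {
  if (typeof ref !== "string") return "non-string $ref";
  if (ref.startsWith("#")) return null; // in-document JSON pointer
  let url;
  try { url = new URL(ref, baseUrl); } catch { return `unparseable $ref: ${ref}`; }
  if (url.protocol !== "https:") return `scheme not allowed: ${url.protocol}`;
  const host = url.hostname.replace(/^\[|\]$/g, "").toLowerCase();
  if (isInternalHost(host)) return `internal target: ${host}`;
  if (!ALLOWED_HOSTS.has(host)) return `host not allow-listed: ${host}`;
  return null;
}
// Walk the whole document and collect every $ref that must not be resolved.
function findUnsafeRefs(node, baseUrl, path = "", out = []) {
  if (Array.isArray(node)) {
    node.forEach((v, i) => findUnsafeRefs(v, baseUrl, `${path}/${i}`, out));
  } else if (node && typeof node === "object") {
    for (const [k, v] of Object.entries(node)) {
      if (k !== "$ref") { findUnsafeRefs(v, baseUrl, `${path}/${k}`, out); continue; }
      const why = refViolation(v, baseUrl);
      if (why) out.push({ path, ref: v, reason: why });
    }
  }
  return out;
}
// Constructed sample: one safe local $ref beside refs of the kind the advisory describes.
const sampleSpec = { openapi: "3.0.0", components: { schemas: {
  User: { $ref: "#/components/schemas/Account" },
  Account: { type: "object" },
  Meta: { $ref: "http://169.254.169.254/latest/meta-data/" },
  Secret: { $ref: "file:///etc/passwd" },
  Shared: { $ref: "https://schemas.example.com/common.yaml#/Address" },
} } };
const sampleReport = findUnsafeRefs(sampleSpec); // two findings: Meta and Secret
```

When external references are never needed, json-schema-ref-parser's documented `resolve: { external: false }` option disables their resolution altogether, which is the simpler control.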
Update to version 2.3.0 or later of FrontMCP to fix the SSRF vulnerability. This version fixes the issue by restricting the URLs that can be accessed during the OpenAPI specification initialization process.
CVE-2026-39885 is a Server-Side Request Forgery (SSRF) vulnerability in the mcp-from-openapi Node.js library, allowing attackers to access internal resources through malicious OpenAPI specifications.
You are affected if you are using mcp-from-openapi versions 2.1.2 or earlier and process untrusted OpenAPI specifications.
Upgrade to version 2.3.0 or later of the mcp-from-openapi library. Alternatively, implement URL restrictions or sanitize OpenAPI specifications.
While no active exploitation has been confirmed, the vulnerability is relatively straightforward to exploit, increasing the risk of future exploitation.
Refer to the mcp-from-openapi project's release notes and security advisories on their GitHub repository for official information.