UNKNOWNCVE-2026-5607
imprvhub mcp-browser-agent URL Parameter handlers.ts CallToolRequestSchema server-side request forgery
Platform
nodejs
Component
mcp-browser-agent
A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler. The manipulation of the argument request.params.name/request.params.arguments leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
How to fix
Actualice a una versión corregida de mcp-browser-agent que solucione la vulnerabilidad de falsificación de solicitudes del lado del servidor (SSRF). Revise las fuentes oficiales de imprvhub para obtener información sobre las versiones disponibles y las instrucciones de actualización. Implemente validaciones de entrada robustas para prevenir la manipulación de parámetros de solicitud.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free