Platform: nodejs
Component: mcp-from-openapi
Fixed in: 1.0.5, 1.0.5, 1.0.5, 2.3.1, 2.3.0
CVE-2026-39885 describes a Server-Side Request Forgery (SSRF) vulnerability within the mcp-from-openapi Node.js library. This flaw arises from the library's use of @apidevtools/json-schema-ref-parser without proper URL restrictions when resolving $ref pointers in OpenAPI specifications. Exploitation allows attackers to trigger requests to internal network addresses, cloud metadata endpoints, or even read local files, potentially leading to sensitive data exposure and system compromise. The vulnerability affects versions 2.1.2 and earlier, with a fix available in version 2.3.0.
An attacker can exploit CVE-2026-39885 by crafting a malicious OpenAPI specification containing $ref pointers that point to sensitive internal resources. This could include accessing metadata services (e.g., AWS EC2 instance metadata), internal databases, or even reading local files on the server hosting the application using the library. The impact extends beyond simple information disclosure; an attacker could potentially use the SSRF vulnerability to interact with internal services, escalate privileges, or even execute arbitrary code if those services are vulnerable. The blast radius is significant, as any application using the vulnerable mcp-from-openapi library to process untrusted OpenAPI specifications is at risk. This vulnerability shares similarities with other SSRF exploits where attackers leverage a service's ability to make outbound requests to gain unauthorized access.
CVE-2026-39885 was publicly disclosed on 2026-04-08. The EPSS score is currently pending evaluation, but the SSRF nature of the vulnerability suggests a potential for medium to high exploitation probability, especially given the ease of crafting malicious OpenAPI specifications. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability is relatively straightforward to exploit, increasing the likelihood of PoC development and potential exploitation in the wild.
Exploit Status
EPSS: 0.04% (13th percentile)
CISA SSVC: (not listed)
CVSS Vector: (not listed)
The primary mitigation for CVE-2026-39885 is to upgrade to version 2.3.0 or later of the mcp-from-openapi library. If upgrading is not immediately feasible, consider implementing temporary workarounds. One approach is to restrict the URLs that the @apidevtools/json-schema-ref-parser library is allowed to access. This can be achieved by configuring a custom resolver that validates the $ref URLs against a whitelist. Another option is to sanitize the OpenAPI specifications before processing them, removing or modifying any potentially malicious $ref pointers. After upgrading, confirm the fix by attempting to process a known malicious OpenAPI specification and verifying that the library no longer attempts to access the targeted internal resource.
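One way to implement the custom-resolver workaround described above, as an added example that is not code from the mcp-from-openapi project or from json-schema-ref-parser: the allowlisted hostnames are constructed placeholders, and the resolver option shape (order, canRead, read) is assumed to follow the json-schema-ref-parser custom resolver interface.

```javascript
// Added example (not from the mcp-from-openapi project): a URL allowlist
// check wired into a custom json-schema-ref-parser resolver, so that $ref
// targets outside approved spec hosts are never fetched. The allowlist
// hostnames below are constructed placeholders.
const ALLOWED_REF_HOSTS = new Set(["specs.example.com", "api.example.com"]);

// Returns true only for absolute https URLs whose hostname is on the
// allowlist. Everything else (file:, http:, IP literals, embedded
// credentials, non-URL strings) is rejected, which closes the local-file
// and internal-address cases the advisory describes.
function isAllowedRefUrl(ref) {
  let url;
  try {
    url = new URL(ref);
  } catch {
    return false; // not an absolute URL: never fetched remotely
  }
  if (url.protocol !== "https:") return false;
  if (url.username || url.password) return false;
  // Reject IPv4 and bracketed IPv6 literals outright: only DNS names
  // that were explicitly approved may be resolved.
  if (/^\[.*\]$/.test(url.hostname) || /^\d{1,3}(\.\d{1,3}){3}$/.test(url.hostname)) {
    return false;
  }
  return ALLOWED_REF_HOSTS.has(url.hostname.toLowerCase());
}

// Options for $RefParser.dereference(spec, refParserOptions). The built-in
// file and http resolvers are disabled and replaced by one that applies the
// allowlist before fetching (assumed resolver interface; Node 18+ for fetch).
const refParserOptions = {
  resolve: {
    file: false,
    http: false,
    allowlisted: {
      order: 1,
      canRead: (file) => isAllowedRefUrl(file.url),
      read: async (file) => {
        // redirect: "error" prevents an approved host from bouncing the
        // parser to an internal address via a 3xx response.
        const res = await fetch(file.url, { redirect: "error" });
        if (!res.ok) throw new Error(`ref fetch failed: ${res.status}`);
        return await res.text();
      },
    },
  },
};
```

Relative and internal (`#/components/...`) references never reach the resolver, so they keep working; only remote fetches are gated.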
Update to version 2.3.0 or higher of FrontMCP to mitigate the SSRF vulnerability. This version fixes the issue by restricting the URLs that can be accessed during the OpenAPI specification initialization process.
CVE-2026-39885 is a Server-Side Request Forgery (SSRF) vulnerability in the mcp-from-openapi Node.js library, allowing attackers to access internal resources through malicious OpenAPI specifications.
You are affected if you are using mcp-from-openapi versions 2.1.2 or earlier and process untrusted OpenAPI specifications.
Upgrade to version 2.3.0 or later of the mcp-from-openapi library. Alternatively, implement URL restrictions or sanitize OpenAPI specifications.
While no active exploitation has been confirmed, the vulnerability is relatively straightforward to exploit, increasing the risk of future exploitation.
Refer to the mcp-from-openapi project's release notes and security advisories on their GitHub repository for official information.