CVE-2026-7094
Server-Side Request Forgery in GlutamateMCPServers Puppeteer Component
Publication date: 2026-04-27
Last updated on: 2026-05-01
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| shadowclonelabs | glutamate_mcp_servers | to 2025-06-26 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7094 is a Server-Side Request Forgery (SSRF) vulnerability found in the puppeteer_navigate component of ShadowCloneLabs GlutamateMCPServers. The issue occurs because the application accepts a user-supplied URL argument and directly passes it to the Puppeteer page.goto method without any validation or allowlisting.
This means an attacker with network access to the MCP/HTTP interface can force the server's headless browser to navigate to arbitrary URLs, including internal services or restricted resources, potentially exposing sensitive information or enabling further attacks.
The root cause is the lack of sanitization of the user-controlled URL in the source code file src/puppeteer/index.ts, specifically where await page.goto(args.url) is called.
How can this vulnerability impact me?
This vulnerability can have critical impacts on confidentiality, integrity, and availability of the affected system.
- Confidentiality: An attacker can access sensitive host or system data by forcing the server to make requests to internal or restricted resources.
- Integrity: The attacker may alter the server state by exploiting the SSRF to interact with internal services.
- Availability: The vulnerability could be used to disrupt services, causing denial of service or other availability issues.
The CVSS v3.1 base score is suggested as 10.0 (Critical), indicating a high severity impact if exploited.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring and analyzing requests to the MCP/HTTP interface, specifically those invoking the puppeteer_navigate method with user-supplied URL arguments. Detection involves identifying JSON-RPC requests that include URL parameters potentially pointing to internal or unauthorized addresses.
A proof-of-concept involves sending a JSON-RPC request to the vulnerable endpoint with a URL parameter such as "http://127.0.0.1:8000" to observe if the server navigates to internal or restricted resources.
Suggested commands for detection include using network monitoring tools like tcpdump or Wireshark to capture HTTP traffic to the MCP interface and grep or jq to filter JSON-RPC requests containing the puppeteer_navigate method and URL parameters.
- Use tcpdump to capture traffic on the MCP HTTP port: tcpdump -i <interface> port <MCP_HTTP_port> -w capture.pcap
- Analyze captured traffic with Wireshark or tshark to filter JSON-RPC requests: tshark -r capture.pcap -Y 'http.request and frame contains "puppeteer_navigate"'
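- Extract and inspect JSON payloads for suspicious URL parameters using jq, covering both the MCP tools/call layout (params.arguments.url) and a flat params.url: jq '.params.arguments.url // .params.url' < captured_requests.json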
Additionally, reviewing server logs for requests to the puppeteer_navigate handler with unusual or internal IP addresses in the URL parameter can help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include enforcing strict URL allowlists for outbound requests made by the puppeteer_navigate component. This means only allowing navigation to approved schemes, hosts, ports, and paths.
Block requests to loopback addresses (e.g., 127.0.0.1), link-local addresses, RFC1918 private IP ranges, and cloud metadata endpoints after DNS resolution and redirect handling to prevent SSRF exploitation.
Implement authentication and authorization controls on the MCP/HTTP handlers, especially those exposing the puppeteer_navigate functionality, to restrict access to trusted users only.
Add logging and rate limiting on sensitive endpoints to detect and prevent abuse.
From a development perspective, remove the direct flow of user-controlled URL data to the Puppeteer page.goto sink by implementing input schema validation at MCP/HTTP boundaries and adding regression tests to prevent such vulnerabilities.
Monitor the official repository and security advisories for patches and updates that fix this vulnerability and apply them as soon as they become available.
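The allowlist and address-blocking steps above can be combined into one check that runs before page.goto. The following is an added example, not code from the GlutamateMCPServers project; the function names, the docs.example.com allowlist entry and the idea that the caller passes in the addresses it resolved for the host are all assumptions.

```javascript
// Added example (not project code): gate a puppeteer_navigate-style URL argument.
// ALLOWED_HOSTS and all function names here are hypothetical.
const ALLOWED_SCHEMES = new Set(["https:"]);
const ALLOWED_HOSTS = new Set(["docs.example.com"]); // constructed allowlist entry
// [network, prefix length]: "this" network, RFC1918, loopback, link-local
// (includes the 169.254.169.254 metadata address) and CGNAT space.
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["127.0.0.0", 8], ["169.254.0.0", 16],
  ["172.16.0.0", 12], ["192.168.0.0", 16], ["100.64.0.0", 10],
];

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null when not valid IPv4.
function ipv4ToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// True when a resolved address must never be reached by the headless browser.
function isBlockedAddress(ip) {
  const a = ip.toLowerCase();
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(a);
  const v4 = ipv4ToInt(mapped ? mapped[1] : a);
  if (v4 === null) {
    // Not IPv4: fail closed on anything unparseable or hex-form IPv4-mapped.
    if (!a.includes(":") || a.startsWith("::ffff:")) return true;
    // IPv6 loopback, unspecified, link-local fe80::/10, unique-local fc00::/7.
    return a === "::1" || a === "::" ||
      /^fe[89ab][0-9a-f]:/.test(a) || /^f[cd][0-9a-f]{2}:/.test(a);
  }
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((v4 & mask) >>> 0) === ((ipv4ToInt(net) & mask) >>> 0);
  });
}

// rawUrl: the tool's url argument; resolved: addresses the caller got from DNS.
function checkNavigationTarget(rawUrl, resolved) {
  let u;
  try { u = new URL(rawUrl); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (!ALLOWED_SCHEMES.has(u.protocol)) return { ok: false, reason: "scheme not allowed" };
  if (u.username || u.password) return { ok: false, reason: "credentials in URL" };
  if (!ALLOWED_HOSTS.has(u.hostname)) return { ok: false, reason: "host not allowlisted" };
  if (resolved.length === 0) return { ok: false, reason: "no resolved address" };
  const bad = resolved.find(isBlockedAddress);
  if (bad) return { ok: false, reason: `resolves to blocked address ${bad}` };
  return { ok: true, reason: "allowed" };
}
```

Because page.goto follows redirects, the same check has to run again for every redirect hop, for instance from a Puppeteer request-interception handler, and not only on the initial argument.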
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability CVE-2026-7094 is a Server-Side Request Forgery (SSRF) that can lead to unauthorized information disclosure, alteration of server state, and service disruption. Such impacts on confidentiality, integrity, and availability can potentially cause non-compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.
Specifically, the SSRF vulnerability allows attackers to access internal services and sensitive data, which may include personal or protected health information. This exposure risks violating data protection requirements under GDPR and HIPAA.
Mitigations such as strict URL allowlisting, blocking access to internal IP ranges, and adding authentication and logging are recommended to reduce the risk and help maintain compliance.