CVE-2026-7147
Deferred - Pending Action
Server-Side Request Forgery in JoeCastrom mcp-chat-studio LLM API

Publication date: 2026-04-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. It affects unknown functionality in the file server/routes/llm.js of the LLM Models API component. Manipulating the argument req.query.base_url results in server-side request forgery. The attack can be carried out remotely. The exploit is public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information

Published: 2026-04-27
Last Modified: 2026-04-29
Generated: 2026-05-06
AI Q&A: 2026-04-27
EPSS Evaluated: 2026-05-05

Affected Vendors & Products

Showing 1 associated CPE

Vendor: joecastrom
Product: mcp-chat-studio
Version / Range: to 1.5.0 (inc)

CWE

CWE ID: CWE-918
Description: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-7147 is a Server-Side Request Forgery (SSRF) vulnerability found in the mcp-chat-studio project, specifically in the file server/routes/llm.js and related workflow execution components.

The issue arises because user-controlled input, such as the HTTP request parameter req.query.base_url and parts of the request body (llmConfig), is used directly in outbound HTTP requests without proper validation or sanitization.

This allows an attacker to manipulate these parameters to make the server send HTTP requests to arbitrary URLs, including internal network addresses or cloud metadata services, potentially exposing sensitive internal resources.


How can this vulnerability impact me?

The vulnerability can impact you by allowing attackers to make the vulnerable server perform HTTP requests to arbitrary destinations, including internal or protected network resources.

  • Confidentiality risk: Attackers may access sensitive internal data or cloud metadata endpoints.
  • Integrity risk: Depending on the internal APIs, attackers might trigger state-changing operations, though this risk is lower.
  • Availability risk: Attackers could cause denial of service by flooding requests or triggering long-running operations.

Overall, the vulnerability can lead to unauthorized information disclosure and potential disruption of services.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to exploit the Server-Side Request Forgery (SSRF) via the vulnerable HTTP endpoints that accept user-controlled URLs.

Two example commands to test for the vulnerability are:

  • Using curl to test the /api/llm/models endpoint by supplying a base_url parameter that points to an internal or attacker-controlled server: curl -s 'http://127.0.0.1:3000/api/llm/models?base_url=http://127.0.0.1:11434'
  • Using curl to test the workflow execution endpoint with an attacker-supplied LLM base URL in the JSON body: curl -s http://127.0.0.1:3000/api/workflows/test/execute -H 'Content-Type: application/json' -d '{"input":"hello","llmConfig":{"provider":"openai","base_url":"http://127.0.0.1:8000","api_key":"x","model":"gpt-4o-mini"}}'

Successful responses or unexpected outbound requests from the server to the specified URLs indicate the presence of the SSRF vulnerability.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include implementing strict validation and filtering of user-supplied URLs to prevent SSRF exploitation.

  • Implement strict allowlists for URL schemes, hosts, ports, and paths to restrict outbound requests.
  • Reject requests targeting loopback addresses, link-local addresses, RFC1918 private IP ranges, and cloud metadata services after DNS resolution and redirect handling.
  • Disable or restrict user-supplied fetch/navigation targets unless explicitly required by business logic.
  • Add authentication, authorization, audit logging, and rate limiting on sensitive endpoints to reduce attack surface.

Long-term fixes include removing direct flow of attacker-controlled input to outbound HTTP request functions and adding schema validation at the application boundary.
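
The allowlist and post-resolution address checks listed above, sketched for a Node.js route handler. This is an added example, not code from mcp-chat-studio or the advisory; the names checkBaseUrl, isBlockedAddress, ALLOWED_SCHEMES and ALLOWED_HOSTS and the single allowlisted host are assumptions, and the IPv6 ranges go beyond the ranges the page names.

```javascript
const net = require('node:net');
const dns = require('node:dns').promises;

// Assumed deployment policy (not from mcp-chat-studio): HTTPS only, one upstream host.
const ALLOWED_SCHEMES = new Set(['https:']);
const ALLOWED_HOSTS = new Set(['api.openai.com']);

// Destinations the page says to reject, plus their IPv6 equivalents.
const blocked = new net.BlockList();
for (const [prefix, bits] of [
  ['0.0.0.0', 8], ['127.0.0.0', 8],                          // "this host", loopback
  ['10.0.0.0', 8], ['172.16.0.0', 12], ['192.168.0.0', 16],  // RFC 1918
  ['169.254.0.0', 16],                   // link-local, incl. 169.254.169.254 metadata
]) blocked.addSubnet(prefix, bits, 'ipv4');
for (const [prefix, bits] of [
  ['::', 128], ['::1', 128], ['fe80::', 10], ['fc00::', 7],  // unspecified, loopback, link-local, ULA
]) blocked.addSubnet(prefix, bits, 'ipv6');

function isBlockedAddress(ip) {
  const family = net.isIP(ip);
  if (family === 0) return true;                             // not an IP literal: fail closed
  return blocked.check(ip, family === 6 ? 'ipv6' : 'ipv4');
}

// `resolve` is injectable so the check can be exercised without network access.
async function checkBaseUrl(raw, resolve = (host) => dns.lookup(host, { all: true })) {
  let url;
  try { url = new URL(String(raw)); } catch { return { ok: false, reason: 'unparseable URL' }; }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return { ok: false, reason: 'scheme not allowed' };
  if (url.username || url.password) return { ok: false, reason: 'credentials in URL' };
  if (url.port !== '') return { ok: false, reason: 'non-default port' };
  // URL parsing has already normalised forms such as 0x7f.1 or 2130706433 to dotted quads.
  const host = url.hostname.replace(/^\[|\]$/g, '');
  if (!ALLOWED_HOSTS.has(host)) return { ok: false, reason: 'host not allowlisted' };
  // Check every address the name resolves to, not just the first one.
  const answers = await resolve(host);
  if (answers.length === 0 || answers.some((a) => isBlockedAddress(a.address))) {
    return { ok: false, reason: 'resolves to a blocked address' };
  }
  // The caller should connect to pinnedAddress so a second lookup cannot differ.
  return { ok: true, url, pinnedAddress: answers[0].address };
}
```

For the redirect handling the list mentions, issue the outbound request with `redirect: 'manual'` and pass each `Location` target through the same check before following it.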


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The CVE-2026-7147 vulnerability is a Server-Side Request Forgery (SSRF) issue that can lead to high confidentiality risks if internal HTTP services or cloud metadata endpoints are accessed. This exposure of sensitive data could potentially impact compliance with data protection regulations such as GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

Because the vulnerability allows attackers to make arbitrary HTTP requests from the server, it may lead to unauthorized disclosure of sensitive data, violating confidentiality requirements mandated by these standards.

Mitigations such as strict allowlists, authentication, authorization, and audit logging are recommended to reduce the risk and help maintain compliance with these regulations.

