CVE-2026-7150
Deferred - Pending Action
Server-Side Request Forgery in MCP Tool auto_favicon Component

Publication date: 2026-04-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in dh1011 auto-favicon up to commit f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generate_favicon_from_url in the file src/auto_favicon/server.py of the component MCP Tool. Manipulation of the argument image_url results in server-side request forgery. The attack may be performed remotely. The exploit has been made public and could be used. This product uses a rolling release system for continuous delivery, so version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information
Published: 2026-04-27
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-04-27
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: dh1011, Product: auto_favicon, Version / Range: up to f189116a9259950c2393f114dbcb94dde0ad864b (inclusive)
Vendor: dh1011, Product: auto-favicon, Version / Range: up to f189116a9259950c2393f114dbcb94dde0ad864b (inclusive)
CWE
CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows an attacker to perform server-side request forgery (SSRF), potentially exposing internal HTTP services, admin panels, and cloud metadata endpoints. This exposure can lead to unauthorized access to sensitive information, which may impact confidentiality.

Such unauthorized access and potential data exposure could negatively affect compliance with standards and regulations that require protection of sensitive data, such as GDPR and HIPAA, by increasing the risk of data breaches or unauthorized data disclosure.

Mitigations include strict URL validation, blocking requests to internal IP ranges, and restricting allowed URL schemes, which are necessary to reduce the risk and help maintain compliance with these regulations.


Can you explain this vulnerability to me?

CVE-2026-7150 is a Server-Side Request Forgery (SSRF) vulnerability found in the MCP Tool component of the auto-favicon project, specifically in the function generate_favicon_from_url located in src/auto_favicon/server.py.

The vulnerability occurs because the function does not validate the image_url argument. It lacks any allowlist, does not reject private or loopback IP addresses, does not filter redirect targets, and does not restrict URL schemes.

This allows an attacker to supply arbitrary URLs, causing the server to fetch resources from internal network addresses such as loopback (127.0.0.1), private IPs, link-local addresses, or cloud metadata endpoints.

The server performs an HTTP GET request asynchronously to the provided URL without validation and processes the fetched bytes as a favicon image, integrating this network fetch into normal business logic.

This direct use of unvalidated URLs constitutes a straightforward SSRF vulnerability that can be exploited remotely.


How can this vulnerability impact me?

This vulnerability can have a high impact on confidentiality because it allows attackers to access internal HTTP services, admin panels, and cloud metadata endpoints that are normally protected from external access.

The integrity and availability impacts are considered low to medium, depending on how the internal services respond when accessed by the attacker.

An attacker who can invoke the vulnerable function and whose server can reach internal network destinations can exploit this to gather sensitive information or potentially interfere with internal services.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unusual or unauthorized requests made by the auto-favicon MCP tool to internal or private IP addresses, such as loopback (127.0.0.1), RFC1918 private IPs, link-local addresses, or cloud metadata endpoints.

Detection can involve inspecting logs or network traffic for HTTP GET requests initiated by the server to these internal addresses, especially those triggered by the generate_favicon_from_url function.

Suggested commands to help detect exploitation attempts include:

  • Using network monitoring tools like tcpdump or Wireshark to capture outgoing HTTP requests from the server to internal IP ranges.
  • Example tcpdump filter for HTTP requests to loopback, RFC1918 and link-local (including cloud metadata) ranges. The parentheses matter: in tcpdump filters "and" binds tighter than "or", so without them the port test would apply only to the last range: tcpdump -i <interface> '(dst net 127.0.0.0/8 or dst net 10.0.0.0/8 or dst net 172.16.0.0/12 or dst net 192.168.0.0/16 or dst net 169.254.0.0/16) and tcp port 80'. Traffic to 127.0.0.0/8 is only visible when capturing on the loopback interface (lo), and internal services on other ports need the port clause adjusted.
  • Checking application logs for JSON-RPC requests invoking generate_favicon_from_url with suspicious image_url parameters pointing to internal or private IP addresses.
  • Using curl or similar tools to test the endpoint manually with crafted requests to see if the server fetches internal URLs, e.g.: curl -X POST -d '{"method":"generate_favicon_from_url","params":{"image_url":"http://127.0.0.1:8000/internal.png"}}' <server_endpoint>

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include implementing strict URL validation before the server issues any network requests in the generate_favicon_from_url function.

  • Block requests to loopback, RFC1918 private IP ranges, link-local, multicast, and cloud metadata IP addresses after DNS resolution.
  • Restrict allowed URL schemes to HTTPS and enforce a trusted host allowlist.
  • Validate all redirect targets to prevent bypassing restrictions via HTTP redirects.
  • Disable the URL-based favicon generation tool when exposed to untrusted callers or networks.

These mitigations reduce the risk of server-side request forgery by preventing the server from fetching unauthorized internal resources.
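The following is an added example and not code from the auto-favicon project: a Python destination check that enforces the mitigations listed above (HTTPS only, host allowlist, no embedded credentials, and rejection of loopback, private, link-local, multicast, reserved and cloud-metadata addresses after DNS resolution, to be re-applied to every redirect target), together with a scanner that applies the same destination check to JSON-RPC log lines of the shape the detection section describes. The TRUSTED_HOSTS allowlist, the host names, the offline resolver stub and the sample log lines are all constructed for this example; the real project defines none of them.

```python
import ipaddress
import json
import socket
from typing import Callable, List, Optional
from urllib.parse import urlparse

# Hypothetical allowlist of favicon sources (constructed; the project has none).
TRUSTED_HOSTS = {"favicons.example.com"}

# Instance metadata address used by several cloud providers; always refused.
METADATA_ADDRESSES = {ipaddress.ip_address("169.254.169.254")}


def is_forbidden_address(ip) -> bool:
    """Loopback, RFC1918/ULA private, link-local, multicast, reserved,
    unspecified (0.0.0.0 / ::) and cloud-metadata addresses are refused."""
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified
            or ip in METADATA_ADDRESSES)


def resolve(host: str) -> List:
    """Default resolver: every A/AAAA answer for host (real DNS lookup)."""
    return [ipaddress.ip_address(info[4][0])
            for info in socket.getaddrinfo(host, None)]


def forbidden_destination(url: str, resolver: Callable = resolve) -> Optional[str]:
    """Reason the URL's destination is off-limits, or None if it is allowed.
    Literal IPs are checked directly; names are resolved first so that a
    hostname (or DNS rebinding) pointing at an internal address is caught."""
    host = urlparse(url).hostname
    if not host:
        return "missing host"
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:
            return "dns resolution failed"
    if not addrs:
        return "dns resolution failed"
    for ip in addrs:
        if is_forbidden_address(ip):
            return f"{host} -> {ip} is a forbidden address"
    return None


def check_image_url(url: str, resolver: Callable = resolve) -> Optional[str]:
    """Full policy for image_url: https only, allowlisted host, no embedded
    credentials, no forbidden destination after resolution. Run it on the
    initial URL and, with automatic redirects disabled, on every Location."""
    parts = urlparse(url)
    if parts.scheme != "https":
        return "scheme must be https"
    if parts.username or parts.password:
        return "credentials in url"
    if not parts.hostname or parts.hostname.lower() not in TRUSTED_HOSTS:
        return "host not in allowlist"
    return forbidden_destination(url, resolver)


# Constructed sample log lines in the JSON-RPC shape described above.
SAMPLE_LOG = [
    '{"method":"generate_favicon_from_url","params":{"image_url":"https://favicons.example.com/site.ico"}}',
    '{"method":"generate_favicon_from_url","params":{"image_url":"http://127.0.0.1:8000/internal.png"}}',
    '{"method":"generate_favicon_from_url","params":{"image_url":"http://169.254.169.254/latest/meta-data/"}}',
    '{"method":"generate_favicon_from_url","params":{"image_url":"https://rebind.example.com/icon.png"}}',
    '{"method":"other_tool","params":{}}',
    "not json at all",
]


def scan_log(lines, resolver: Callable = resolve):
    """(line number, image_url, reason) for each generate_favicon_from_url
    call whose destination is forbidden. Non-JSON and other calls are skipped."""
    hits = []
    for n, line in enumerate(lines, 1):
        try:
            msg = json.loads(line)
        except ValueError:
            continue
        if not isinstance(msg, dict) or msg.get("method") != "generate_favicon_from_url":
            continue
        params = msg.get("params")
        url = params.get("image_url") if isinstance(params, dict) else None
        if not isinstance(url, str):
            continue
        reason = forbidden_destination(url, resolver)
        if reason:
            hits.append((n, url, reason))
    return hits


def _offline_resolver(host: str) -> List:
    """Stub resolver with constructed answers so the example runs without DNS."""
    table = {
        "favicons.example.com": ["1.2.3.4"],   # constructed public address
        "rebind.example.com": ["10.0.0.5"],    # benign-looking name, internal answer
    }
    if host not in table:
        raise OSError("unknown host")
    return [ipaddress.ip_address(a) for a in table[host]]


if __name__ == "__main__":
    for n, url, reason in scan_log(SAMPLE_LOG, _offline_resolver):
        print(f"line {n}: {url}: {reason}")
```

Two design points worth keeping in mind when wiring this into a fetch: the check resolves the name itself, so the HTTP client should then connect to the address that was validated rather than resolving again (otherwise a rebinding DNS answer can slip between check and connect), and automatic redirect following must be disabled so that check_image_url can be applied to each Location header before it is followed. For detection, run scan_log over the tool's request log with the default resolver; hits on loopback, private or metadata destinations are the pattern described in the detection section.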

