CVE-2026-10280
Received - Intake
Server-Side Request Forgery in MCPilot 0.1.0

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulDB

Description
A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. The manipulation of the argument serverBaseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information
Published: 2026-06-01
Last Modified: 2026-06-01
Generated: 2026-06-02
AI Q&A: 2026-06-01
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
horizon921 | mcpilot | 0.1.0
CWE ID | Description
CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-10280 is a Server-Side Request Forgery (SSRF) vulnerability found in the MCPilot project, specifically in the MCP API Call Endpoint located in the file client/src/app/api/mcp/call/route.ts.

The vulnerability occurs because the API route accepts a user-controlled parameter called serverBaseUrl, which is used in multiple server-side fetch calls without proper validation.

This lack of validation allows an attacker to manipulate the serverBaseUrl argument to make the server send requests to arbitrary internal or external URLs, including localhost or private network addresses.

As a result, an attacker can force the server to connect to internal services or attacker-controlled endpoints remotely, potentially exposing sensitive internal data or causing other harmful effects.


How can this vulnerability impact me?

This SSRF vulnerability can have serious impacts on confidentiality, integrity, and availability.

  • An attacker can access internal services that are normally not exposed externally, potentially leaking sensitive information.
  • The attacker may modify or interfere with internal services reachable by the server, impacting data integrity.
  • It can be used to force connections to sensitive endpoints, which might lead to denial of service or other disruptions.

Because the exploit is publicly available and the vulnerability can be triggered remotely without authentication, the risk of exploitation is high.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring requests sent to the vulnerable API endpoint `/api/mcp/call` that include a user-controlled `serverBaseUrl` parameter. Suspicious or unexpected outbound requests from the server to internal or private network addresses, especially localhost or RFC1918 IP ranges, may indicate exploitation attempts.

To detect exploitation attempts, you can inspect network traffic or server logs for requests targeting the `/api/mcp/call` route with unusual `serverBaseUrl` values.

Example commands to help detect this vulnerability include:

  • Using curl to test the vulnerable endpoint with a crafted `serverBaseUrl` parameter: `curl -v -X POST 'http://<target-server>/api/mcp/call' -H 'Content-Type: application/json' -d '{"serverBaseUrl":"http://127.0.0.1:8765"}'`
  • Using network monitoring tools like tcpdump or Wireshark to capture outbound requests from the server to internal IP addresses: `tcpdump -i <interface> host 127.0.0.1 or net 192.168.0.0/16`
  • Checking server logs for requests to `/api/mcp/call` with suspicious parameters, for example using grep: `grep '/api/mcp/call' /var/log/nginx/access.log | grep 'serverBaseUrl'`. The default nginx access log format does not record POST bodies, so the second grep matches only where request bodies or query strings carrying the parameter are logged.

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting and validating the `serverBaseUrl` parameter to prevent SSRF attacks.

  • Implement an allowlist of trusted MCP servers for the `serverBaseUrl` parameter, blocking any requests to localhost, private network ranges, or other unauthorized hosts.
  • Block requests targeting loopback addresses, RFC1918 private networks, link-local addresses, and metadata services at the application or network level.
  • Require authentication for accessing the MCP proxy calls to limit who can send requests to the vulnerable endpoint.
  • Validate the scheme, hostname, and port of the `serverBaseUrl` parameter before making any outbound requests.

Additionally, monitor for any suspicious activity and apply patches or updates once the maintainer releases a fix.
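
The scheme, host, port and allowlist checks listed above, and the log review from the detection section, can share one classifier. The following is an added example, not code from MCPilot or from this advisory; `ALLOWED_ORIGINS`, `checkServerBaseUrl` and `flagInternalTargets` are hypothetical names and the allowlist entries are constructed.

```typescript
// Added example: hypothetical names and constructed values, not MCPilot code.
// Allowlist of trusted MCP server origins (scheme + host + port).
const ALLOWED_ORIGINS = new Set(["https://mcp.example.com", "https://tools.example.com:8443"]);

type Verdict = { ok: boolean; reason: string };

function parseUrl(raw: string): URL | null {
  try { return new URL(raw); } catch { return null; }
}

// True for loopback, RFC1918, link-local (covers 169.254.169.254) and 0.0.0.0/8,
// plus the IPv6 equivalents. new URL() has already normalised forms such as 127.1.
function isInternalHost(hostname: string): boolean {
  const h = hostname.toLowerCase().replace(/^\[|\]$/g, "");
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  const m = /^(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}$/.exec(h);
  if (m) {
    const a = Number(m[1]), b = Number(m[2]);
    return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
  }
  // IPv6 literal: ::1, ::, any IPv4-mapped address, fc00::/7, fe80::/10.
  return h.includes(":") && (h === "::1" || h === "::" || h.startsWith("::ffff:") ||
    /^f[cd][0-9a-f]{2}:/.test(h) || /^fe[89ab][0-9a-f]:/.test(h));
}

// Request-time check for the serverBaseUrl argument, run before any outbound fetch.
function checkServerBaseUrl(raw: unknown): Verdict {
  if (typeof raw !== "string") return { ok: false, reason: "not a string" };
  const u = parseUrl(raw);
  if (!u) return { ok: false, reason: "unparseable URL" };
  if (u.protocol !== "https:" && u.protocol !== "http:") return { ok: false, reason: "scheme not allowed" };
  if (u.username || u.password) return { ok: false, reason: "credentials in URL" };
  if (isInternalHost(u.hostname)) return { ok: false, reason: "internal address" };
  if (!ALLOWED_ORIGINS.has(u.origin)) return { ok: false, reason: "origin not on allowlist" };
  return { ok: true, reason: "allowed" };
}

// Log triage: given logged JSON request bodies, return the serverBaseUrl values
// that point at internal addresses.
function flagInternalTargets(bodies: string[]): string[] {
  const hits: string[] = [];
  for (const body of bodies) {
    let value: unknown;
    try { value = JSON.parse(body).serverBaseUrl; } catch { continue; }
    if (checkServerBaseUrl(value).reason === "internal address") hits.push(String(value));
  }
  return hits;
}
```

An allowlisted hostname can still resolve or redirect to an internal address, so the caller should also check the resolved IP at connect time and pass `redirect: "manual"` to `fetch`.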


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The CVE-2026-10280 vulnerability is a Server-Side Request Forgery (SSRF) flaw that allows attackers to make the server connect to internal or attacker-controlled endpoints, potentially exposing sensitive internal service responses or modifying internal services.

Such a vulnerability can impact compliance with common standards and regulations like GDPR and HIPAA because it may lead to unauthorized access or disclosure of sensitive data, violating confidentiality and integrity requirements mandated by these regulations.

Specifically, the ability to access internal services or metadata endpoints could result in exposure of personal data or protected health information, which would be a breach under GDPR and HIPAA rules.

Therefore, without proper mitigation such as input validation, access controls, and network restrictions, this vulnerability poses a significant risk to regulatory compliance.

