CVE-2026-10690
Deferred Deferred - Pending Action
Server-Side Request Forgery in wonderwhy-er DesktopCommanderMCP

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: VulDB

Description
A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The name of the patch is 53699bebba9950047bca16ac4dc8f0568f596aaa. It is best practice to apply a patch to resolve this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-03
Generated
2026-06-24
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-22
NVD
CVE-2026-10690
EUVD
EUVD-2026-34053
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wonderwhy-er desktopcommandermcp 0.2.37
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-10690 is a Server-Side Request Forgery (SSRF) vulnerability found in the readFileFromUrl function of the read_file component in wonderwhy-er DesktopCommanderMCP version 0.2.37.

The vulnerability occurs because the function accepts a user-supplied URL and passes it directly to the fetch() API without any validation. This allows an attacker to make arbitrary HTTP requests from the server to internal network services, cloud metadata endpoints, or any host accessible from the server.

An attacker can exploit this by injecting a malicious URL, causing the server to fetch data from internal or sensitive resources and return the response, potentially exposing sensitive information.

Impact Analysis

This vulnerability can impact you by allowing attackers to perform unauthorized requests from the vulnerable server to internal or protected resources.

Such exploitation can lead to exposure of sensitive data, including cloud instance metadata, internal APIs, or other private network services that are normally inaccessible externally.

Attackers might use this to gather information for further attacks, access confidential data, or disrupt internal services.

Detection Guidance

This vulnerability can be detected by monitoring for unexpected or unauthorized HTTP requests originating from the DesktopCommanderMCP server to internal or sensitive endpoints, such as cloud metadata services or internal IP ranges.

A proof of concept involves sending a request to an internal URL like http://127.0.0.1:9999/ssrf-test and observing if the server issues the request, indicating SSRF exploitation.

To detect exploitation attempts, you can monitor network traffic for outbound requests to internal IP addresses or unusual URLs triggered by the application.

  • Use network monitoring tools (e.g., tcpdump, Wireshark) to capture outbound HTTP requests from the DesktopCommanderMCP server.
  • Check application logs or MCP Inspector logs for calls to the read_file tool with the isUrl parameter set to true and URLs pointing to internal or sensitive endpoints.
  • Example command to monitor outbound HTTP requests on the server (replace eth0 with the relevant interface): tcpdump -i eth0 -nn -s0 -A 'tcp port 80 or tcp port 443'
  • Use curl or similar tools to test if the server fetches internal URLs when invoked via the DesktopCommanderMCP interface.
Mitigation Strategies

The immediate mitigation step is to apply the patch identified by commit 53699bebba9950047bca16ac4dc8f0568f596aaa, which introduces strict URL validation and disables redirects in the vulnerable readFileFromUrl function.

This patch blocks non-HTTP(S) schemes, loopback addresses, private IP ranges, link-local addresses, common internal hostnames, and mDNS hostnames, preventing SSRF exploitation.

Additional recommended mitigations include:

  • Disabling or restricting the use of the read_file tool's URL fetching feature unless explicitly required and configured.
  • Implementing network-level controls such as firewall rules to block outbound requests from the DesktopCommanderMCP server to internal IP ranges or sensitive endpoints.
  • Monitoring and logging usage of the read_file tool to detect suspicious activity.
Compliance Impact

The vulnerability allows an attacker to perform server-side request forgery (SSRF) that can lead to unauthorized access to internal network services, cloud metadata endpoints, or sensitive internal APIs. This could potentially expose sensitive data, which may include personal or protected information.

Such unauthorized data exposure and access could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls over access to sensitive and personal data to prevent data breaches.

The vulnerability increases the risk of data leakage and unauthorized internal network access, which are critical concerns under these regulations, potentially leading to non-compliance if exploited.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10690. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart