HIGH🇵🇱 Wersja polska

CVE-2026-39885

CVSS 7.5v3.1pub. 2026-04-08upd. 2026-04-15

FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenAPI specification containing $ref values pointing to internal network addresses, cloud metadata endpoints, or local files will cause the library to fetch those resources during the initialize() call. This enables Server-Side Request Forgery (SSRF) and local file read attacks when processing untrusted OpenAPI specifications. This vulnerability is fixed in 2.3.0.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Agentfront Frontmcp

    APP
    Agentfront
    < 1.0.4
  • Agentfront \@frontmcp\/adapters

    APP
    Agentfront
    < 1.0.4
  • Agentfront \@frontmcp\/sdk

    APP
    Agentfront
    < 1.0.4
  • Frontmcp Mcp From Openapi

    APP
    Frontmcp
    < 2.3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRF
CWE
References

Related vulnerabilities

CVE-2026-27597CRITICAL10.0PL ✓ten sam vendor

Ucieczka z sandboxa i RCE w Agentfront Enclave (przed wersją 2.11.1)

CVE-2026-22686CRITICAL10.0PL ✓ten sam vendor

Ucieczka z sandbox w Agentfront Enclave — RCE w środowisku Node.js

CVE-2026-25533MEDIUM6.4ten sam vendor

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existin...