A vulnerability classified as critical has been found in atototo api-lab-mcp up to 0.2.1. It affects the functions analyze_api_spec, generate_test_scenarios and test_http_endpoint in the file src/mcp/http-server.ts of the component HTTP Interface. Manipulating the argument source/url causes server-side request forgery.
This vulnerability is tracked as CVE-2026-5832. The attack can be carried out remotely, and an exploit exists.
The project was informed of the problem early through an issue report but has not responded yet.
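
One way to vet a caller-supplied source or url value before a server fetches it, shown as an added example that is not code from api-lab-mcp. The function names, the choice of blocked ranges and the sample addresses are assumptions made for illustration.

```typescript
// Added example: every name here is hypothetical, not taken from api-lab-mcp.
type Verdict = { ok: boolean; reason: string };

// Strict dotted-quad parser: rejects hex, octal and short forms such as "0x7f.1".
function ipv4ToInt(ip: string): number | null {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Ranges a server-side fetcher has no reason to reach, as [base, prefix length].
const BLOCKED_V4: [string, number][] = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16], ["224.0.0.0", 3],
];

function isBlockedAddress(ip: string): boolean {
  const lower = ip.toLowerCase();
  const n = ipv4ToInt(lower.replace(/^::ffff:/, "")); // unwrap IPv4-mapped IPv6
  if (n === null) {
    if (lower.indexOf(":") === -1) return true; // not an IP literal: fail closed
    // IPv6: unspecified, loopback, unique-local fc00::/7, link-local fe80::/10,
    // and any IPv4-mapped form that was not written as a dotted quad.
    return lower === "::" || lower === "::1" || /^f[cd]/.test(lower) ||
      /^fe[89ab]/.test(lower) || /^::ffff:/.test(lower);
  }
  return BLOCKED_V4.some(([base, bits]) => {
    const start = ipv4ToInt(base) as number;
    return n >= start && n < start + Math.pow(2, 32 - bits);
  });
}

// `resolved` is every address the caller's DNS lookup returned for the URL's host.
// Assumption: the caller then connects to one of these checked addresses and
// re-runs the check on each redirect hop, so a second lookup cannot change the target.
function checkTarget(rawUrl: string, resolved: string[]): Verdict {
  let u: URL;
  try { u = new URL(rawUrl); } catch (e) { return { ok: false, reason: "unparsable URL" }; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return { ok: false, reason: "scheme not allowed" };
  if (resolved.length === 0) return { ok: false, reason: "host did not resolve" };
  const bad = resolved.filter(isBlockedAddress);
  return bad.length > 0 ? { ok: false, reason: "blocked address " + bad[0] } : { ok: true, reason: "public address" };
}
```

The check rejects a host when any of its resolved addresses is internal, so a name that answers with one public and one private record is refused.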