CVE-2026-39885 | agentfront frontmcp/adapters/sdk/mcp-from-openapi Model Context Protocol initialize ref server-side request forgery (GHSA-v6ph-xcq9-qxxj)

Inserito da Angelo Barbosa | Apr 9, 2026 | CVE

A vulnerability classified as critical was found in agentfront frontmcp, adapters, sdk and mcp-from-openapi. This affects the function initialize of the component Model Context Protocol. The manipulation of the argument ref results in server-side request forgery.

This vulnerability is identified as CVE-2026-39885. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.

CVE-2026-39885 | agentfront frontmcp/adapters/sdk/mcp-from-openapi Model Context Protocol initialize ref server-side request forgery (GHSA-v6ph-xcq9-qxxj)

Post correlati

CVE-2024-8352 | Social Web Suite Plugin up to 4.1.11 on WordPress path traversal

CVE-2024-22492 | JFinalcms 5.0.0 /gusetbook/save contact cross site scripting

CVE-2023-51157 | ZKTeco WDMS 5.1.3 Emp Name cross site scripting

CVE-2023-51127 | FLIR AX8 up to 1.46.16 Symbolic Link File path traversal