CVE-2026-7417 | Algovate xhs-mcp 0.8.11 MCP Interface src/server/mcp.server.ts xhs_publish_content media_paths server-side request forgery

A vulnerability has been found in Algovate xhs-mcp 0.8.11 and classified as critical. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument media_paths results in server-side request forgery.

This vulnerability was named CVE-2026-7417. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7417 | Algovate xhs-mcp 0.8.11 MCP Interface src/server/mcp.server.ts xhs_publish_content media_paths server-side request forgery

Post correlati

CVE-2023-51450 | BaserCMS up to 5.0.8 os command injection (GHSA-77fc-4cv5-hmfr)

CVE-2024-5122 | SourceCodester Event Registration System 1.0 /registrar/ search sql injection

CVE-2024-5381 | itsourcecode Student Information Management System 1.0 view.php studentId sql injection

CVE-2024-9206 | MAS Companies for WP Job Manager Plugin up to 1.0.13 on WordPress cross site scripting