CVE-2026-39885 | agentfront frontmcp/adapters/sdk/mcp-from-openapi Model Context Protocol initialize ref server-side request forgery (GHSA-v6ph-xcq9-qxxj)

Inserito da Angelo Barbosa | Apr 9, 2026 | CVE

A vulnerability classified as critical was found in agentfront frontmcp, adapters, sdk and mcp-from-openapi. This affects the function initialize of the component Model Context Protocol. The manipulation of the argument ref results in server-side request forgery.

This vulnerability is identified as CVE-2026-39885. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.

CVE-2026-39885 | agentfront frontmcp/adapters/sdk/mcp-from-openapi Model Context Protocol initialize ref server-side request forgery (GHSA-v6ph-xcq9-qxxj)

Post correlati

CVE-2024-9555 | D-Link DIR-605L 2.13B01 BETA formSetEasy_Wizard curTime buffer overflow

CVE-2025-21724 | Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1 iova_bitmap_offset_to_index out-of-bounds

CVE-2026-34072 | fccview cronmaster up to 2.1.x improper authentication (GHSA-9whh-mffv-xvh6)

CVE-2024-3894 | Rbs Image Gallery Plugin up to 3.2.19 on WordPress Image Title cross site scripting