A vulnerability was found in imprvhub mcp-browser-agent up to 0.8.0. It has been rated as critical. It affects the function CallToolRequestSchema in the file src/handlers.ts of the component URL Parameter Handler. Manipulating the argument request.params.name/request.params.arguments leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2026-5607. The attack can be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.
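
One way a tool-call handler can vet a URL argument before acting on it, as an added example that is not the project's code and not a vendor fix. The names `checkToolUrl` and the `url` argument field, and the blocklist itself, are assumptions; only literal hosts are checked, so the addresses that DNS names resolve to still have to be validated at connect time.

```typescript
// Added example. checkToolUrl and the `url` argument field are hypothetical names.
interface Verdict { ok: boolean; reason: string }

const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Non-public IPv4 ranges as [base, prefix length]: "this" network, RFC 1918,
// CGNAT, loopback, link-local (cloud metadata lives here), multicast/reserved.
const BLOCKED_V4: Array<[number, number]> = [
  [0x00000000, 8], [0x0a000000, 8], [0x64400000, 10], [0x7f000000, 8],
  [0xa9fe0000, 16], [0xac100000, 12], [0xc0a80000, 16], [0xe0000000, 3],
];

// Dotted-quad to integer; null when the host is not an IPv4 literal.
function ipv4ToInt(host: string): number | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const parts = m.slice(1).map(Number);
  if (parts.some((p) => p > 255)) return null;
  return parts.reduce((acc, p) => acc * 256 + p, 0);
}

function isBlockedV4(ip: number): boolean {
  return BLOCKED_V4.some(([base, bits]) => ip >= base && ip < base + 2 ** (32 - bits));
}

function parseUrl(raw: string): URL | null {
  try { return new URL(raw); } catch { return null; }
}

// Validate the URL argument of a tool call before the handler acts on it.
function checkToolUrl(args: unknown): Verdict {
  const raw = (args as { url?: unknown } | null)?.url;
  if (typeof raw !== "string") return { ok: false, reason: "url must be a string" };
  const u = parseUrl(raw);
  if (u === null) return { ok: false, reason: "unparseable url" };
  if (!ALLOWED_SCHEMES.has(u.protocol)) return { ok: false, reason: "scheme not allowed" };
  if (u.username || u.password) return { ok: false, reason: "credentials in url" };
  // The WHATWG parser has already normalised decimal/hex/short IPv4 forms to dotted-quad.
  const host = u.hostname.toLowerCase().replace(/\.$/, "");
  // Simplification for this example: refuse every IPv6 literal.
  if (host.startsWith("[")) return { ok: false, reason: "ipv6 literal not allowed" };
  if (host === "localhost" || host.endsWith(".localhost")) return { ok: false, reason: "loopback name" };
  const ip = ipv4ToInt(host);
  if (ip !== null && isBlockedV4(ip)) return { ok: false, reason: "non-public address" };
  return { ok: true, reason: "ok" };
}
```

The same check has to be repeated on every redirect target, since a permitted public URL can redirect to an internal one.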