CVE-2026-7150 | dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b MCP Tool server.py generate_favicon_from_url image_url server-side request forgery

A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b and classified as critical. This issue affects the function generate_favicon_from_url of the file src/auto_favicon/server.py of the component MCP Tool. The manipulation of the argument image_url results in server-side request forgery.

This vulnerability was named CVE-2026-7150. The attack may be performed from remote. In addition, an exploit is available.

This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7150 | dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b MCP Tool server.py generate_favicon_from_url image_url server-side request forgery

Post correlati

CVE-2024-39560 | Juniper Networks Junos OS/Junos OS Evolved Routing Protocol Daemon exceptional condition (JSA83020)

CVE-2024-41147 | Miniaudio 0.11.21 ma_dr_flac__decode_samples__lpc heap-based overflow (TALOS-2024-2063)

CVE-2024-46531 | PHPGurukul Vehicle Record Management System 1.0 /index.php searchinputdata sql injection

CVE-2024-51030 | SourceCodester Cab Management System 1.0 manage_client.php id sql injection