CVE-2026-7158 | dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6 server.py _validate_url_safe url server-side request forgery

A vulnerability described as critical has been identified in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function _validate_url_safe of the file src/mcp_url_downloader/server.py. Such manipulation of the argument url leads to server-side request forgery.

This vulnerability is documented as CVE-2026-7158. The attack can be executed remotely. Additionally, an exploit exists.

This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7158 | dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6 server.py _validate_url_safe url server-side request forgery

Post correlati

CVE-2025-1259 | Arista EOS up to 4.33.1 OpenConfig access control

CVE-2025-40631 | Icewarp Mail Server 11.4.0 HTTP Header Host http headers for scripting syntax

CVE-2024-30110 | HCL DRYiCE AEX 10 information disclosure (KB0114193)

CVE-2017-13309 | Google Android 8.1 ConscryptEngine.java readEncryptedData information disclosure