Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

Severity:: Medium

Description

The fetch-apify-docs tool validates URLs against a domain allowlist using String.startsWith() instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains (e.g., https://docs.apify.com.evil.com/), enabling the tool to fetch and return arbitrary web content to the LLM.

Recommendation

Update the @apify/actors-mcp-server package to the latest compatible version. Followings are version details:

Affected version(s): < 0.9.21
Patched version(s): 0.9.21

References

GHSA-jwp7-wg77-3w9v
CVE-2026-46341
CWE-183
CWE-20
CAPEC-310
OWASP 2021-A3
OWASP 2021-A4
OWASP 2021-A6

Related Issues

Feathers has an origin validation bypass via prefix matching - CVE-2026-27192
Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes - CVE-2026-31800
Parse Server has role escalation and CLP bypass via direct `_Join` table write - CVE-2026-30966
Parse Server has a protected fields bypass via logical query operators - CVE-2026-30962

Apache and Express Path Traversal plus Nginx Restriction Bypass Tests with SmartScanner

Exploiting Server Version Disclosure

Update Cheat Sheet for Developers

Tags:: npm; @apify/actors-mcp-server

Anything's wrong? Let us know Last updated on May 19, 2026