auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs
- Severity: High
Description
No description available.
Recommendation
Update the auth-fetch-mcp package to the latest compatible version. The version details are as follows:
- Affected version(s): <= 3.0.0
- Patched version(s): 3.0.1
Related Issues
- PDFME has SSRF via Unvalidated URL Fetch in `getB64BasePdf` When `basePdf` Is Attacker-Controlled - Vulnerability
- Novu has SSRF via conditions filter webhook bypasses validateUrlSsrf() protection - Vulnerability
- Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching - CVE-2026-46341
- Paperclip: Stored XSS via javascript: URLs in MarkdownBody — urlTransform override disables react-markdown sanitization - Vulnerability
- Tags: npm, auth-fetch-mcp
Last updated on May 19, 2026


