Tag

Cve-2026-45609

1 brief RSS

Spring AI MCP Security Unvalidated URL Fetching (SSRF)

The mcp-security framework fails to implement SSRF mitigations outlined in the Model Context Protocol, processing untrusted URLs for OAuth-related discovery and metadata without verification, affecting installations with Dynamic Client Registration (DCR) enabled and exposing them to potential Server-Side Request Forgery (SSRF) attacks, tracked as CVE-2026-45609.

mcp-client-security ssrf spring-ai oauth cve-2026-45609

2r 1t 2d ago