{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/tencentcloudbase/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7221"}],"_cs_exploited":false,"_cs_products":["CloudBase-MCP"],"_cs_severities":["high"],"_cs_tags":["SSRF","CVE-2026-7221","TencentCloudBase"],"_cs_type":"advisory","_cs_vendors":["TencentCloudBase"],"content_html":"\u003cp\u003eA server-side request forgery (SSRF) vulnerability has been identified in TencentCloudBase CloudBase-MCP, affecting versions up to 2.17.0. The vulnerability resides in the \u003ccode\u003eopenUrl\u003c/code\u003e function within the \u003ccode\u003emcp/src/interactive-server.ts\u003c/code\u003e file. This flaw enables a remote attacker to manipulate the \u003ccode\u003ereq.body.url\u003c/code\u003e argument passed to the open-url API endpoint, forcing the server to make requests to arbitrary internal or external resources. Successful exploitation could lead to information disclosure, internal network scanning, or denial-of-service. The vulnerability is publicly known and actively exploitable. 
Users are advised to upgrade to version 2.17.1, which includes a patch (identified as 3f678a1e7bd400cd76469d61024097d4920dc6b5) to address this issue.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a CloudBase-MCP instance running a vulnerable version (\u0026lt;= 2.17.0).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request targeting the \u003ccode\u003eopenUrl\u003c/code\u003e API endpoint.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes a \u003ccode\u003ereq.body.url\u003c/code\u003e parameter containing a URL pointing to an internal resource (e.g., \u003ccode\u003ehttp://localhost:8080/admin\u003c/code\u003e) or an external server controlled by the attacker.\u003c/li\u003e\n\u003cli\u003eThe CloudBase-MCP server, without proper validation, processes the request and attempts to open the URL specified in \u003ccode\u003ereq.body.url\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eIf the URL points to an internal resource, the server retrieves the content of that resource and potentially exposes it to the attacker.\u003c/li\u003e\n\u003cli\u003eIf the URL points to an external server, the server makes an HTTP request to the attacker\u0026rsquo;s server, potentially leaking sensitive information like internal IP addresses or API keys.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the response from the server to gather information about the internal network or the CloudBase-MCP instance.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the gathered information to further compromise the CloudBase-MCP instance or the internal network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SSRF vulnerability can allow attackers to read sensitive information from internal services, bypass firewall restrictions, and potentially gain unauthorized access to internal resources. 
This could lead to the disclosure of confidential data, compromise of internal systems, and further attacks on the organization\u0026rsquo;s infrastructure. Although the number of victims isn\u0026rsquo;t specified, any unpatched CloudBase-MCP instance is vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade TencentCloudBase CloudBase-MCP to version 2.17.1 or later to apply the patch (3f678a1e7bd400cd76469d61024097d4920dc6b5) that fixes CVE-2026-7221.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003ereq.body.url\u003c/code\u003e parameter to prevent manipulation by attackers.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests to the \u003ccode\u003eopenUrl\u003c/code\u003e API endpoint with unusual or internal URLs, and deploy the Sigma rules below.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"/briefs/2024-01-02-cloudbase-ssrf/","summary":"A server-side request forgery vulnerability exists in TencentCloudBase CloudBase-MCP up to version 2.17.0, allowing remote attackers to manipulate the `req.body.url` argument in the `openUrl` function of `mcp/src/interactive-server.ts` to conduct SSRF attacks.","title":"TencentCloudBase CloudBase-MCP Server-Side Request Forgery Vulnerability (CVE-2026-7221)","url":"https://feed.craftedsignal.io/briefs/2024-01-02-cloudbase-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — TencentCloudBase","version":"https://jsonfeed.org/version/1.1"}