Vendor
A server-side request forgery vulnerability exists in TencentCloudBase CloudBase-MCP up to version 2.17.0, allowing remote attackers to manipulate the `req.body.url` argument in the `openUrl` function of `mcp/src/interactive-server.ts` to conduct SSRF attacks.