Description
A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-01
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability was found in the getAssetMetadata function of the aem‑mcp‑server project. The function accepts an assetPath argument that is passed unchanged to Axios to fetch a resource. An attacker can supply a crafted assetPath that causes the server to issue an HTTP request to an arbitrary host chosen by the attacker. This is a classic server‑side request forgery (SSRF). The SSRF can allow the attacker to read internal API responses, reach protected services, or exhaust network resources. The payload is delivered entirely from a remote web request, so an attacker with network access to the host running the server can trigger it without any local code execution on the server. The impact therefore is potential data exfiltration or privilege escalation within the internal network.

Affected Systems

The affected product is the open‑source aem‑mcp‑server repository maintained by indrasishbanerjee. The official identifiers list the component as aem‑mcp‑server, and the vulnerability is reported for the code up to commit b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. The project does not maintain a versioning scheme, so the vulnerability cannot be mapped to a specific release. Users relying on the default distribution of the repository should assume the code presently in use is affected until an upstream fix is released.

Risk and Exploitability

According to the CVSS, the problem scores 5.3, representing moderate risk. The vulnerability is exploitable over the network, and the public disclosure means tools or scripts can be found to leverage it, yet the EPSS score is very low (below 1%) and the vulnerability is not listed in the CISA KEV catalog. Because the vulnerable function is reachable through a public‑facing API, the likelihood of exploitation in the wild depends on how broadly the server is exposed. An attacker who can interact with the API can submit a crafted assetPath and force the server to reach arbitrary destinations, potentially obtaining sensitive internal data or service information. If the server has unrestricted outbound access, the SSRF could also be used to pivot to other internal hosts.

Generated by OpenCVE AI on June 1, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Deploy a web‑application firewall or internal proxy that blocks outbound requests to internal network addresses and whitelists only safe endpoints
  • Validate and sanitize the assetPath before passing it to Axios to restrict it to known safe URLs or hostnames
  • Update the repository to code after the vulnerability commit or remove the getAssetMetadata endpoint until an official fix is released

Generated by OpenCVE AI on June 1, 2026 at 18:50 UTC.
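The second recommended action above (validate assetPath before it reaches Axios) can be implemented by resolving the untrusted value against an operator-configured AEM base URL and refusing anything that would change the origin or leave the DAM subtree. This is an added example, not code from the aem-mcp-server project; the function names, the ALLOWED_PATH_PREFIX value and the base URL are assumptions.

```typescript
// Added example (not the aem-mcp-server project's own code). Builds the URL that a
// getAssetMetadata-style handler would hand to axios.get, treating assetPath as
// untrusted input. Names and the "/content/dam/" prefix are hypothetical assumptions.

const ALLOWED_PATH_PREFIX = "/content/dam/"; // assumption: DAM assets live under here

class UnsafeAssetPathError extends Error {}

// Returns a URL on the configured AEM origin, or throws UnsafeAssetPathError.
function resolveAssetMetadataUrl(baseUrl: string, assetPath: string): string {
  const base = new URL(baseUrl); // trusted, operator-supplied configuration
  if (typeof assetPath !== "string" || assetPath.length === 0 || assetPath.length > 2048) {
    throw new UnsafeAssetPathError("assetPath must be a non-empty string");
  }
  // Control characters and backslashes never appear in a legitimate DAM path.
  if (/[\u0000-\u001f\u007f\\]/.test(assetPath)) {
    throw new UnsafeAssetPathError("assetPath contains forbidden characters");
  }
  // Accept only a host-less absolute path: a full URL or a protocol-relative
  // value ("//host/...") would replace the base origin during resolution.
  if (!assetPath.startsWith("/") || assetPath.startsWith("//")) {
    throw new UnsafeAssetPathError("assetPath must be a path without scheme or host");
  }
  // Resolve against the trusted base; the WHATWG parser normalizes "." and ".." segments.
  const resolved = new URL(assetPath, base);
  if (resolved.origin !== base.origin || resolved.username !== "" || resolved.password !== "") {
    throw new UnsafeAssetPathError("assetPath resolves outside the configured AEM origin");
  }
  // Prefix check runs on the normalized pathname, so traversal out of the DAM tree is caught.
  if (!resolved.pathname.startsWith(ALLOWED_PATH_PREFIX)) {
    throw new UnsafeAssetPathError("assetPath escapes the allowed DAM subtree");
  }
  // Do not forward query strings or fragments the caller did not intend.
  resolved.search = "";
  resolved.hash = "";
  return resolved.toString();
}

// Convenience predicate for callers that only need a yes/no answer.
function isSafeAssetPath(baseUrl: string, assetPath: string): boolean {
  try {
    resolveAssetMetadataUrl(baseUrl, assetPath);
    return true;
  } catch (e) {
    if (e instanceof UnsafeAssetPathError) return false;
    throw e;
  }
}
```

Pair this input check with the first recommended action (egress filtering on the host), since application-level validation alone does not protect a server whose outbound access is unrestricted.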

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 18:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 17:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.

Type: Title
Values Removed: (none)
Values Added: indrasishbanerjee aem-mcp-server Axios Request Flow mcp-server.ts getAssetMetadata server-side request forgery

Type: First Time appeared
Values Removed: (none)
Values Added: Indrasishbanerjee; Indrasishbanerjee aem-mcp-server

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-918

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:a:indrasishbanerjee:aem-mcp-server:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Indrasishbanerjee; Indrasishbanerjee aem-mcp-server

Type: References
Values Removed: (none)
Values Added: (none listed)

Type: Metrics
Values Removed: (none)
Values Added:
cvssV2_0
{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0
{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1
{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0
{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T17:42:35.824Z

Reserved: 2026-05-31T14:23:07.678Z

Link: CVE-2026-10274

Vulnrichment

Updated: 2026-06-01T17:42:19.940Z

NVD

Status: Deferred

Published: 2026-06-01T17:16:44.070

Modified: 2026-06-01T17:57:16.380

Link: CVE-2026-10274

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T20:54:12Z

Weaknesses
  • CWE-918: Server-Side Request Forgery (SSRF)