CVE-2026-10280 - Vulnerability Details

- horizon921 mcpilot MCP API Call Endpoint route.ts server-side request forgery

Description

A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. The manipulation of the argument serverBaseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-06-01

Score: 6.9 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a server‑side request forgery (SSRF) in horizon921 mcpilot 0.1.0. The file client/src/app/api/mcp/call/route.ts contains an unvalidated parameter, serverBaseUrl, that an attacker can manipulate. By sending a specially crafted request to the MCP API Call Endpoint, the server will issue outbound HTTP requests to arbitrary URLs chosen by the attacker. This can be used to exfiltrate data, access internal services, or pivot to other targets. The flaw is exploitable remotely and publicly available exploits have already been released. The issue remains unaddressed by the maintainers.

Affected Systems

Horizon921 mcpilot version 0.1.0 is affected. No other versions are listed as vulnerable. The vulnerability resides in the MCP API Call Endpoint component located in client/src/app/api/mcp/call/route.ts.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity. EPSS is not reported, so the probabilistic likelihood of exploitation cannot be quantified from the data. The vulnerability is not recorded in the CISA KEV catalog, suggesting it may not yet be widely exploited in the wild, but public exploit code is available. Attackers can launch the exploit remotely by targeting the API endpoint and manipulating the serverBaseUrl parameter. Given the remote nature and public availability of exploit code, the risk to systems running the vulnerable version is considerable and warrants prompt remediation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

horizon921

mcpilot

affected

Version	Status	Constraints
`0.1.0`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply an updated release of horizon921 mcpilot that removes the SSRF flaw or, if a patch is unavailable,
Restrict the application’s outbound network traffic so that it can only reach trusted internal services and block outbound connections to arbitrary internet addresses.
Implement server‑side input validation for the serverBaseUrl parameter to ensure it matches a whitelist of approved domains or protocols, rejecting any attempts to reach hostile or external hosts.

Generated by OpenCVE AI on June 1, 2026 at 20:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/horizon921/mcpilot/
https://github.com/horizon921/mcpilot/issues/1
https://vuldb.com/cve/CVE-2026-10280
https://vuldb.com/submit/825426
https://vuldb.com/vuln/367573
https://vuldb.com/vuln/367573/cti

History

Mon, 01 Jun 2026 19:00:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in horizon921 mcpilot 0.1.0. The impacted element is an unknown function of the file client/src/app/api/mcp/call/route.ts of the component MCP API Call Endpoint. The manipulation of the argument serverBaseUrl results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title		horizon921 mcpilot MCP API Call Endpoint route.ts server-side request forgery
First Time appeared		Horizon921 Horizon921 mcpilot
Weaknesses		CWE-918
CPEs		cpe:2.3:a:horizon921:mcpilot::::::::
Vendors & Products		Horizon921 Horizon921 mcpilot
References		https://github.com/horizon921/mcpilot/ https://github.com/horizon921/mcpilot/issues/1 https://vuldb.com/cve/CVE-2026-10280 https://vuldb.com/submit/825426 https://vuldb.com/vuln/367573 https://vuldb.com/vuln/367573/cti
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Horizon921 Mcpilot

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-01T18:00:12.383Z

Updated: 2026-06-01T18:00:12.383Z

Reserved: 2026-05-31T16:16:22.553Z

Link: CVE-2026-10280

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-01T19:16:20.860

Modified: 2026-06-01T19:16:20.860

Link: CVE-2026-10280

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T20:30:17Z

Weaknesses

CWE-918

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object