Description
A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. Upgrading to version 1.0.6 is able to resolve this issue. The patch is identified as e3e11c9e8482bd06b82fd9fced67be4856f0dffc. It is recommended to upgrade the affected component. The vendor acknowledged the issue but provides additional context for the CVSS rating: "a11y-mcp is a local stdio MCP server - it has no HTTP endpoint and is not network-accessible. The caller is always the local user or an LLM acting on their behalf with user approval."
Published: 2026-04-02
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server-side request forgery via local execution
Action: Patch
AI Analysis

Impact

A local attacker can exploit a server‑side request forgery vulnerability in the A11yServer function of a11y‑mcp. By manipulating input, an attacker may force the server to send requests to arbitrary URLs. Although the server has no public HTTP interface, the flaw allows a local user or an LLM acting with user approval to redirect the server to malicious resources, potentially exposing internal data or triggering further actions. The weakness is a classic SSRF, classified as CWE‑918.

Affected Systems

Affected products are the a11y‑mcp project released by priyankark, specifically all versions up to and including 1.0.5. No explicit fixed versions are listed for earlier releases, but the project uses a rolling release model and the patch that resolves the issue is present in 1.0.6. Users running any version older than 1.0.6 should consider the product vulnerable.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity. EPSS data is unavailable and the vulnerability is not in the KEV catalog. Because the attack requires local execution, a compromised local user or an LLM that has been granted permissions can exploit the flaw. Once the server is tricked into making external requests, an attacker could exfiltrate sensitive data or trigger unintended actions on the host, creating a potential pivot point for further attacks. The risk is limited to environments where the a11y‑mcp server is run by untrusted users, but the publicly available exploit means the threat is real.

Generated by OpenCVE AI on April 2, 2026 at 09:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade priyankark a11y‑mcp to version 1.0.6 or newer.
  • Restrict local execution rights to trusted users only to limit exploitation surface.


Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type: First Time appeared
  Values Removed: (none)
  Values Added: Priyankark; Priyankark a11y-mcp
Type: Vendors & Products
  Values Removed: (none)
  Values Added: Priyankark; Priyankark a11y-mcp

Thu, 02 Apr 2026 08:00:00 +0000

Type: Description
  Values Removed: (none)
  Values Added: A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. Upgrading to version 1.0.6 is able to resolve this issue. The patch is identified as e3e11c9e8482bd06b82fd9fced67be4856f0dffc. It is recommended to upgrade the affected component. The vendor acknowledged the issue but provides additional context for the CVSS rating: "a11y-mcp is a local stdio MCP server - it has no HTTP endpoint and is not network-accessible. The caller is always the local user or an LLM acting on their behalf with user approval."
Type: Title
  Values Removed: (none)
  Values Added: priyankark a11y-mcp index.js A11yServer server-side request forgery
Type: Weaknesses
  Values Removed: (none)
  Values Added: CWE-918
Type: References
  Values Removed: (none)
  Values Added:
Type: Metrics
  Values Removed: (none)
  Values Added:
    cvssV2_0: {'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}
    cvssV3_0: {'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
    cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
    cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-02T06:15:19.452Z

Reserved: 2026-04-01T13:12:31.763Z

Link: CVE-2026-5323

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-02T07:15:58.793

Modified: 2026-04-02T07:15:58.793

Link: CVE-2026-5323

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:22:17Z

Weaknesses