CVE-2026-7147 - Vulnerability Details

- JoeCastrom mcp-chat-studio LLM Models API llm.js server-side request forgery

Description

A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performing a manipulation of the argument req.query.base_url results in server-side request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-04-27

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the LLM Models API llm.js of JoeCastrom mcp-chat-studio. Manipulating the req.query.base_url parameter triggers a server‑side request forgery, allowing a remote attacker to instruct the server to send arbitrary HTTP requests to internal or external resources. The capability to perform these requests is inferred from the nature of SSRF, but the specific consequences such as file disclosure or command execution are not detailed in the description. The weakness corresponds to CWE‑918.

Affected Systems

JoeCastrom mcp-chat-studio up to version 1.5.0 is impacted. The known affected component is the server/routes/llm.js file within the LLM Models API. Users running any releases preceding or equal to 1.5.0 should verify their deployment. No patch or version guarantee is listed in the input.

Risk and Exploitability

The CVSS base score is 6.9, signalling a moderate to high severity. The EPSS score is < 1%, indicating a very low exploitation probability, and the vulnerability is not listed in CISA’s KEV, but the public exploit indicates that adversaries could target affected installations. The attack vector is inferred from the description; it requires a crafted base_url value to trigger SSRF. The absence of an official fix means the risk remains until mitigation is applied.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

JoeCastrom

mcp-chat-studio

affected

Version	Status	Constraints
`1.0`	affected	—
`1.1`	affected	—
`1.2`	affected	—
`1.3`	affected	—
`1.4`	affected	—
`1.5.0`	affected	—

No data.

Vendor Product Confidence Versions

Joecastrom

Mcp-chat-studio

100%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—
`1.1`	affected	generic	—
`1.2`	affected	generic	—
`1.3`	affected	generic	—
`1.4`	affected	generic	—
`1.5.0`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to a later release of mcp-chat-studio that includes a fix once it becomes available.
Restrict the base_url query parameter to a whitelist of trusted domains using server‑side validation or input filtering.
Block the application’s outbound network traffic to only necessary destinations by configuring firewall rules or container network policies to mitigate SSRF impacts.
Monitor outbound HTTP requests and application logs for suspicious activity to detect exploitation attempts.

Generated by OpenCVE AI on April 28, 2026 at 23:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00053.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/JoeCastrom/mcp-chat-studio/
https://github.com/JoeCastrom/mcp-chat-studio/issues/4
https://vuldb.com/submit/801896
https://vuldb.com/vuln/359746
https://vuldb.com/vuln/359746/cti

History

Tue, 28 Apr 2026 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Joecastrom Joecastrom mcp-chat-studio
Vendors & Products		Joecastrom Joecastrom mcp-chat-studio

Mon, 27 Apr 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 27 Apr 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performing a manipulation of the argument req.query.base_url results in server-side request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title		JoeCastrom mcp-chat-studio LLM Models API llm.js server-side request forgery
Weaknesses		CWE-918
References		https://github.com/JoeCastrom/mcp-chat-studio/ https://github.com/JoeCastrom/mcp-chat-studio/issues/4 https://vuldb.com/submit/801896 https://vuldb.com/vuln/359746 https://vuldb.com/vuln/359746/cti
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Joecastrom Mcp-chat-studio

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-27T18:15:15.510Z

Updated: 2026-04-27T19:30:13.300Z

Reserved: 2026-04-26T19:58:59.072Z

Link: CVE-2026-7147

Vulnrichment

Updated: 2026-04-27T19:30:08.927Z

NVD

Status : Deferred

Published: 2026-04-27T19:16:53.663

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7147

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T23:30:06Z

Weaknesses

CWE-918

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object