Description
A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function _validate_url_safe of the file src/mcp_url_downloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-27
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server‑side request forgery
Action: Immediate Patch
AI Analysis

Impact

The vulnerability lies in the _validate_url_safe function of the mcp-url-downloader project, enabling an attacker to supply a crafted URL that causes the server to make arbitrary HTTP requests on the attacker’s behalf. This server‑side request forgery can lead to exposure of internal resources, execution of unintended operations, and potential compromise of sensitive systems. The flaw is identified as CWE‑918 and is rated moderate with a CVSS score of 6.9. The exploitation requires only remote access to the application and can affect any system that runs the vulnerable code.

Affected Systems

The affected package is dmitryglhf mcp-url-downloader. Versions up to the commit 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6 are vulnerable. The project follows a rolling‑release model, so exact version numbers for patched releases are not publicly documented; users should check the repository for the latest commit when applying a fix.

Risk and Exploitability

The publicly disclosed exploit is available, and the vulnerability can be triggered remotely. The EPSS score is not available, but the CVSS score of 6.9 indicates a medium severity. The vulnerability is not listed in the CISA KEV catalog. Attackers can target the service through normal traffic channels, making the attack vector likely remote and accessible to anyone who can reach the application. Because no official patch is currently published, the risk is higher for deployments that have not migrated to the latest commit.

Generated by OpenCVE AI on April 28, 2026 at 12:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the mcp-url-downloader package to the most recent commit that fixes the _validate_url_safe function; if a patched release is not yet available, pull the latest source code directly from the repository and apply the code changes that limit URL parsing to safe domains.
  • Configure the environment so that outbound HTTP requests from the mcp-url-downloader process are restricted. Use firewall rules or a proxy to block connections to internal IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and only permit outgoing traffic to approved external services.
  • Add an additional layer of URL validation in the deployment where you can whitelist a set of trusted domains. Reject or sanitize any URL that resolves to private or local addresses before the application forwards the request.

Generated by OpenCVE AI on April 28, 2026 at 12:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-h7xc-4mv8-59fj mcp-url-downloader has a Server-Side Request Forgery issue
History

Tue, 28 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Dmitryglhf
Dmitryglhf mcp-url-downloader
Vendors & Products Dmitryglhf
Dmitryglhf mcp-url-downloader

Mon, 27 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function _validate_url_safe of the file src/mcp_url_downloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Title dmitryglhf mcp-url-downloader server.py _validate_url_safe server-side request forgery
Weaknesses CWE-918
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Dmitryglhf Mcp-url-downloader
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-28T15:00:55.140Z

Reserved: 2026-04-26T20:12:54.993Z

Link: CVE-2026-7158

cve-icon Vulnrichment

Updated: 2026-04-28T15:00:08.459Z

cve-icon NVD

Status : Deferred

Published: 2026-04-27T21:16:44.337

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7158

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T13:00:15Z

Weaknesses