CVE-2026-5470
Wykorzystanie argumentu URL w mixelpixx prowadzi do oszustwa serwera przez atakującego.
A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protocol Handler. The manipulation of the argument URL leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 6.3 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.0% |
| Opublikowano (NVD) | 2026-04-03 16:16:43 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-24 18:13:28 UTC |
- https://github.com/wing3e/public_exp/issues/21 (cna@vuldb.com)
- https://vuldb.com/submit/781778 (cna@vuldb.com)
- https://vuldb.com/vuln/355074 (cna@vuldb.com)
- https://vuldb.com/vuln/355074/cti (cna@vuldb.com)