CVE-2026-7729

MEDIUM CVSS 6.3 View on NVD ↗

Description

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References

https://github.com/BruceJqs/public_exp/issues/36
https://github.com/pixelsock/directus-mcp/
https://github.com/pixelsock/directus-mcp/issues/13
https://github.com/pixelsock/directus-mcp/pull/14
https://vuldb.com/submit/807539
https://vuldb.com/vuln/360904
https://vuldb.com/vuln/360904/cti

Published: May 04, 2026 05:16 UTC Modified: May 04, 2026 15:18 UTC