CVE-2026-39885

Published: Apr 8, 2026Modified: Apr 15, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: security-advisories@github.com (Secondary)

Description

FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenAPI specification containing $ref values pointing to internal network addresses, cloud metadata endpoints, or local files will cause the library to fetch those resources during the initialize() call. This enables Server-Side Request Forgery (SSRF) and local file read attacks when processing untrusted OpenAPI specifications. This vulnerability is fixed in 2.3.0.

Affected (4)

Products: Agentfront: @frontmcp/adapters, @frontmcp/sdk, Frontmcp · Frontmcp: Mcp From Openapi

3 products

@frontmcp/adapters

1 product

Mcp From Openapi

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Agentfront @frontmcp/adapters	Before 1.0.4
Agentfront @frontmcp/sdk	Before 1.0.4
Agentfront Frontmcp	Before 1.0.4
Frontmcp Mcp From Openapi	Before 2.3.0

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (3)

https://github.com/agentfront/frontmcp/releases/tag/v1.0.4

Source: security-advisories@github.com

Product

https://github.com/agentfront/frontmcp/security/advisories/GHSA-v6ph-xcq9-qxxj

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/agentfront/frontmcp/security/advisories/GHSA-v6ph-xcq9-qxxj

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitVendor Advisory

Timeline

No history available yet.