n8n-MCP · CVE-2026-42449
**Name of the Vulnerable Software and Affected Versions**
n8n-MCP versions 2.47.4 through 2.47.13
**Description**
The synchronous URL validator `SSRFProtection.validateUrlSync()` performs no IPv6 checks on the SDK embedder path, which is used by the `N8NDocumentationMCPServer` constructor, `getN8nApiClient()`, and `validateInstanceContext()`. An IPv4-mapped IPv6 address (the `::ffff:a.b.c.d` form defined in RFC 4291) therefore passes validation even when the embedded IPv4 address is a cloud-metadata, loopback, or RFC1918 private address, because the validator never inspects IPv6 literals. An attacker who controls the `n8nApiUrl` value can make the server issue HTTP requests to services on localhost, to RFC1918 networks, or to cloud metadata endpoints. The resulting Server-Side Request Forgery (SSRF) is non-blind: response bodies are returned to the caller, and the configured `n8nApiKey` is sent in the `x-n8n-api-key` header to the attacker-controlled target.
**Recommendations**
Update to version 2.47.14.
As a temporary workaround, validate URLs before passing them to the SDK by rejecting any `n8nApiUrl` whose hostname is an IP literal, IPv4 or bracketed IPv6 (including the `[::ffff:a.b.c.d]` form), so that only DNS names reach the SDK.
As a temporary workaround, restrict egress at the network layer to block outbound traffic to RFC1918 ranges, link-local 169.254.0.0/16, and cloud metadata endpoints; a connection to an IPv4-mapped IPv6 address on a dual-stack socket is sent as IPv4 traffic, so IPv4 egress rules also cover this bypass, but the IPv6 loopback and private ranges (`::1`, `fc00::/7`, `fe80::/10`) should be blocked as well.
As a temporary workaround, do not accept `n8nApiUrl` from untrusted callers; take it from server-side configuration only.
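The bypass described above and the first workaround, shown side by side in TypeScript as an added example; this is not code from n8n-MCP, and `validateUrlSyncNaive()` is an illustrative reconstruction of the described flaw rather than the project's `validateUrlSync()`. The deny list, the sample URLs, and all helper names are assumptions made for the example.

```typescript
import { isIPv4, isIPv6 } from "net";
import { URL } from "url";

// Assumed deny list (not the project's own): "this host", RFC1918, CGNAT,
// loopback and link-local, where cloud metadata (169.254.169.254) lives.
const BLOCKED_IPV4: ReadonlyArray<string> = [
  "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
  "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
];

function ipv4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, octet) => ((acc << 8) + Number(octet)) >>> 0, 0);
}

function inCidr(ip: string, cidr: string): boolean {
  const [base, bits] = cidr.split("/");
  const prefix = Number(bits);
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

function isBlockedIPv4(ip: string): boolean {
  return BLOCKED_IPV4.some((cidr) => inCidr(ip, cidr));
}

// Expand an IPv6 literal into its eight 16-bit words. Handles "::" compression
// and a dotted-quad tail such as ::ffff:169.254.169.254.
function ipv6Words(addr: string): number[] | null {
  let s = addr.split("%")[0]; // drop a zone id such as fe80::1%eth0
  if (!isIPv6(s)) return null;
  const lastColon = s.lastIndexOf(":");
  const tail = s.slice(lastColon + 1);
  if (tail.includes(".")) {
    const v = ipv4ToInt(tail);
    s = `${s.slice(0, lastColon + 1)}${(v >>> 16).toString(16)}:${(v & 0xffff).toString(16)}`;
  }
  const parts = s.split("::");
  const head = parts[0] ? parts[0].split(":") : [];
  const rest: string | undefined = parts[1];
  const restWords = rest ? rest.split(":") : [];
  const fill = parts.length > 1 ? Math.max(0, 8 - head.length - restWords.length) : 0;
  const words = [...head, ...Array.from({ length: fill }, () => "0"), ...restWords]
    .map((w) => parseInt(w, 16));
  return words.length === 8 && words.every((w) => w >= 0 && w <= 0xffff) ? words : null;
}

// Embedded IPv4 address of an IPv4-mapped IPv6 address (::ffff:0:0/96), else null.
function mappedIPv4(words: number[]): string | null {
  const mapped = words.slice(0, 5).every((w) => w === 0) && words[5] === 0xffff;
  if (!mapped) return null;
  const [hi, lo] = [words[6], words[7]];
  return `${hi >> 8}.${hi & 0xff}.${lo >> 8}.${lo & 0xff}`;
}

function isBlockedIPv6(addr: string): boolean {
  const words = ipv6Words(addr);
  if (!words) return true; // unparseable: fail closed
  const v4 = mappedIPv4(words);
  if (v4 !== null) return isBlockedIPv4(v4); // re-run the IPv4 deny list on the inner address
  const unspecified = words.every((w) => w === 0);
  const loopback = words.slice(0, 7).every((w) => w === 0) && words[7] === 1;
  const ula = (words[0] & 0xfe00) === 0xfc00;       // fc00::/7
  const linkLocal = (words[0] & 0xffc0) === 0xfe80; // fe80::/10
  return unspecified || loopback || ula || linkLocal;
}

function hostnameOf(url: string): string | null {
  try {
    const h = new URL(url).hostname; // WHATWG parsing canonicalises the host
    return h.startsWith("[") ? h.slice(1, -1) : h;
  } catch {
    return null;
  }
}

// Illustrative reconstruction of the flaw: only IPv4 literals and "localhost"
// are inspected, so an IPv6 literal is never checked at all.
function validateUrlSyncNaive(url: string): boolean {
  const host = hostnameOf(url);
  if (host === null || host === "localhost") return false;
  if (isIPv4(host)) return !isBlockedIPv4(host);
  return true; // IPv6 literal falls through unchecked: the bypass
}

function validateUrlSyncHardened(url: string): boolean {
  const host = hostnameOf(url);
  if (host === null || host === "localhost" || host.endsWith(".localhost")) return false;
  if (isIPv4(host)) return !isBlockedIPv4(host);
  if (isIPv6(host)) return !isBlockedIPv6(host);
  return true; // DNS name: still re-check the resolved addresses before connecting
}

// Workaround from the advisory: reject any n8nApiUrl whose host is an IP literal.
function rejectIpLiteral(url: string): boolean {
  const host = hostnameOf(url);
  return host !== null && !isIPv4(host) && !isIPv6(host);
}

// Constructed attacker-supplied n8nApiUrl values (not from the advisory).
const SAMPLE_URLS: ReadonlyArray<string> = [
  "https://n8n.example.com/",                          // legitimate DNS name
  "http://169.254.169.254/latest/meta-data/",          // metadata, IPv4 literal
  "http://[::ffff:169.254.169.254]/latest/meta-data/", // same host, IPv4-mapped IPv6
  "http://[::1]:5678/",                                // loopback via IPv6
  "http://2852039166/",                                // decimal form of 169.254.169.254
];

function evaluate(urls: ReadonlyArray<string>): Array<{ url: string; naive: boolean; hardened: boolean }> {
  return urls.map((url) => ({ url, naive: validateUrlSyncNaive(url), hardened: validateUrlSyncHardened(url) }));
}

for (const row of evaluate(SAMPLE_URLS)) {
  console.log(`naive=${row.naive ? "ALLOW" : "deny"} hardened=${row.hardened ? "ALLOW" : "deny"}  ${row.url}`);
}
```

Two points worth noting when reading the output: the decimal form `http://2852039166/` is already caught by the naive check only because the WHATWG URL parser canonicalises it to `169.254.169.254` before the validator sees it, whereas the IPv6 literal is canonicalised to `[::ffff:a9fe:a9fe]` and never looked at. And `rejectIpLiteral()` narrows the issue rather than closing it: a DNS name that resolves to an internal address still passes, so a resolve-time check on the resolved addresses (and the egress rules above) remain necessary.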