PT-2025-37732 · Hackmd · Hackmd-Mcp

Yuna0X0 · Published 2025-09-15 · Updated 2025-09-20 · CVE-2025-59155

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: hackmd-mcp versions 1.4.0 through 1.4.9

Description: hackmd-mcp is a Model Context Protocol server that integrates HackMD's note-taking platform with AI assistants. A server-side request forgery (SSRF) vulnerability exists in the HTTP transport mode, allowing attackers to redirect outbound API requests to internal network services, access internal endpoints, perform network reconnaissance, and bypass network access controls. The vulnerability occurs because arbitrary hackmdApiUrl values supplied via the Hackmd-Api-Url HTTP header or a base64-encoded JSON query parameter are accepted without validation. The stdio transport mode is not affected.

Recommendations: Update to version 1.5.0 or later. Alternatively, switch to stdio mode by setting TRANSPORT=stdio or removing the TRANSPORT environment variable. Restrict outbound network access using firewall rules or network policies. Place the MCP server behind a reverse proxy that validates and filters the Hackmd-Api-Url header and the base64-encoded JSON config query parameter.
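The filtering the recommendations describe, as an added example that is not hackmd-mcp's own code: it derives the API base URL from the Hackmd-Api-Url header or the base64-encoded JSON config query parameter and accepts only an allowlisted HackMD origin. The query parameter name `config`, the default origin `https://api.hackmd.io`, and the allowlist contents are assumptions.

```javascript
// Added example, not hackmd-mcp's own code. A request-side check of the kind a
// reverse proxy (or the server itself) can apply before the hackmdApiUrl value
// is used for an outbound request. Assumptions: the query parameter is named
// "config" and the only legitimate API origin is https://api.hackmd.io.
const DEFAULT_API_URL = "https://api.hackmd.io";
const ALLOWED_API_ORIGINS = new Set(["https://api.hackmd.io"]);

// Returns the trusted API base URL to use, or null when the request must be
// rejected. `headers` uses lower-cased names, as Node's http module delivers
// them; `query` is the parsed query string.
function resolveHackmdApiUrl(headers, query) {
  let candidate = headers["hackmd-api-url"];

  // Second source named in the advisory: base64-encoded JSON carrying
  // a hackmdApiUrl field. Any decode or parse failure fails closed.
  if (candidate === undefined && typeof query.config === "string") {
    try {
      const cfg = JSON.parse(Buffer.from(query.config, "base64").toString("utf8"));
      candidate = cfg && cfg.hackmdApiUrl;
    } catch {
      return null;
    }
  }

  if (candidate === undefined) return DEFAULT_API_URL; // nothing supplied: use the default
  if (typeof candidate !== "string") return null;

  let url;
  try {
    url = new URL(candidate);
  } catch {
    return null; // not an absolute URL
  }

  if (url.protocol !== "https:") return null;           // no plain http, file:, gopher:, ...
  if (url.username || url.password) return null;         // no embedded credentials
  // Origin allowlist: loopback, RFC 1918 hosts, link-local and internal
  // hostnames are all rejected here because they are not on the list.
  if (!ALLOWED_API_ORIGINS.has(url.origin)) return null;

  // Normalise trailing slashes so path handling downstream is consistent.
  return url.origin + url.pathname.replace(/\/+$/, "");
}

module.exports = { resolveHackmdApiUrl, DEFAULT_API_URL };
```

A value that passes this check still only names an allowlisted origin; outbound firewall rules remain the backstop for any other path to the internal network.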

SSRF

Weakness Enumeration

Related Identifiers: CVE-2025-59155, GHSA-G5CG-6C7V-MMPW

Affected Products: Hackmd-Mcp