PT-2025-40799 · Mcphub · Mcphub
Yu Bao · Published 2025-10-05 · Updated 2025-10-07 · CVE-2025-11286
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:L/Au:M/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
samanhappy MCPHub versions up to 0.9.10
Description
A server-side request forgery condition exists due to manipulation of the baseUrl argument within the file src/controllers/serverController.ts of the MCPRouter Service component. This issue can be exploited remotely. The exploit is publicly available. The vendor was notified but did not respond.
Recommendations
Versions prior to 0.9.10 should be updated.
Exploit
Fix
SSRF
Affected Products
Mcphub