PT-2026-29684 · Priyankark · A11Y-Mcp
Bigw
·
Published
2026-04-02
·
Updated
2026-04-02
·
CVE-2026-5323
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
priyankark a11y-mcp versions up to 1.0.5
Description
A flaw exists in the A11yServer function within the src/index.js file of priyankark a11y-mcp. This issue allows for server-side request forgery when initiated locally. The exploit is publicly available. The product follows a rolling release model, so specific version details for fixes are not available.
Recommendations
Upgrade to version 1.0.6 to resolve the issue.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
A11Y-Mcp