PT-2026-31566 · Unknown · Atototo Api-Lab-Mcp
Brucejin · Published 2026-04-09 · Updated 2026-04-10 · CVE-2026-5832
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
atototo api-lab-mcp versions up to 0.2.1
Description
A weakness exists in the HTTP Interface component of atototo api-lab-mcp. Manipulation of the source/url argument within the analyze api spec/generate test scenarios/test http endpoint function in the src/mcp/http-server.ts file can lead to server-side request forgery (SSRF). This issue is remotely exploitable.
Recommendations
Versions prior to 0.2.1 are recommended.
SSRF
Affected Products
Atototo Api-Lab-Mcp