CVE-2026-7146

Name of the Vulnerable Software and Affected Versions AlejandroArciniegas mcp-data-vis versions up to de5a51525a69822290eaee569a1ab447b490746d

Description An issue in the HTTP Request Handler component allows for server-side request forgery, which occurs when an attacker can induce the server to make requests to an unintended location. This can be triggered remotely through the axios() function located in the src/servers/web-scraper/server.js file.

Recommendations As a temporary workaround, consider restricting the use of the axios() function in the src/servers/web-scraper/server.js file until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.