PT-2026-35517 · Unknown · Auto-Favicon

Mida · Published 2026-04-27 · Updated 2026-04-28 · CVE-2026-7150

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

dh1011 auto-favicon versions up to f189116a9259950c2393f114dbcb94dde0ad864b

Description

An issue in the MCP Tool component allows remote attackers to perform server-side request forgery (SSRF), which is a flaw where a server is tricked into making unauthorized requests to internal or external resources. This occurs through the manipulation of the image_url argument within the generate_favicon_from_url() function located in the 'src/auto_favicon/server.py' file.

Recommendations

As a temporary workaround, restrict access to or avoid using the generate_favicon_from_url() function until a fix is provided.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-7150

Affected Products

Auto-Favicon