Server-Side Request Forgery Vulnerability in AIAnytime Awesome-MCP-Server
CVE-2026-14748
Key Information:
- Vendor
Aianytime
- Status
- Vendor
- CVE Published:
- 5 July 2026
Badges
What is CVE-2026-14748?
A vulnerability has been identified in the AIAnytime Awesome-MCP-Server affecting the mcp-wiki/wiki-summary component. This flaw allows for the manipulation of the 'url' argument in the server.py file, potentially leading to server-side request forgery (SSRF) attacks. These attacks can be initiated remotely, increasing the risk of unauthorized access to internal resources. Despite early reports to the project maintainers, no response has been noted regarding this issue, leaving systems potentially exposed during updates in the rolling release model.
Affected Version(s)
Awesome-MCP-Server a884bb51bcd99e08e14fd712c749d55d9d9a13ab
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
