Server-Side Request Forgery in aerostackdev aerostack-mcp Media Upload Functionality
CVE-2026-15189
5.3MEDIUM
What is CVE-2026-15189?
A security vulnerability has been identified in the aerostackdev aerostack-mcp application, specifically within the upload_media function of the mcp-whatsapp component. This vulnerability allows an attacker to manipulate the media_url argument, potentially enabling server-side request forgery (SSRF) attacks. This flaw can be exploited remotely, raising concerns for users operating on the system's rolling release model, as no specific version details are provided. Despite early notification to the project team concerning this issue, no response has been observed. It is essential for users to be aware of this vulnerability and take necessary precautions to safeguard their infrastructures.
Affected Version(s)
aerostack-mcp 6315dfde7df0a15aaf743f88d91347115e09ba23
