Summary
The ckan-mcp-server MCP server is vulnerable to Server-Side Request Forgery (SSRF). An attacker can craft tool call parameters that cause the server to make HTTP requests to internal network resources, potentially accessing metadata endpoints, internal APIs, or other services not intended to be publicly reachable.
Details
- CVE: CVE-2026-33060
- GHSA: GHSA-3xm7-qw7j-qc8v
- CWE: CWE-918 — Server-Side Request Forgery (SSRF)
- CVSS: 5.3 (Medium)
- Discovered by: munio scan (automated static analysis)
- Disclosed: March 16, 2026
Impact
An attacker who can influence tool call parameters may be able to:
- Access cloud metadata endpoints (e.g.,
http://169.254.169.254/) - Reach internal services not exposed to the internet
- Scan internal network ports and services
Remediation
- Validate and sanitize all URL parameters before making HTTP requests
- Block requests to private IP ranges (
10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16) - Block requests to localhost (
127.0.0.1,::1) - Enforce HTTPS for all outbound requests
Disclosure
Disclosed March 16, 2026 through responsible disclosure.