CVE-2026-45609

mcp-security: Unvalidated URL Fetching (SSRF)

Assigner: GitHub_M
Reserved: 12.05.2026 Published: 29.05.2026 Updated: 29.05.2026

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to the network. This only affects installations with Dynamic Client Registration (DCR) enabled This vulnerability is fixed in 0.1.9.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CVSS Score: 7.2

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	spring-ai-community
Product	mcp-security
Versions	Version < 0.1.9 is affected

Vendor

spring-ai-community

Product

mcp-security

Versions

Version < 0.1.9 is affected

References

Problem Types

CWE-918: Server-Side Request Forgery (SSRF) CWE

CVE-2026-45609 PUBLISHED

mcp-security: Unvalidated URL Fetching (SSRF)

Metrics

Product Status

References

Problem Types