CVE-2026-5323

Published: Apr 02, 2026 Last Modified: Apr 02, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 4,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 5,3
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
MEDIUM 4,3
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: single
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. Upgrading to version 1.0.6 is able to resolve this issue. The patch is identified as e3e11c9e8482bd06b82fd9fced67be4856f0dffc. It is recommended to upgrade the affected component. The vendor acknowledged the issue but provides additional context for the CVSS rating: 'a11y-mcp is a local stdio MCP server - it has no HTTP endpoint and is not network-accessible. The caller is always the local user or an LLM acting on their behalf with user approval.'

918

Server-Side Request Forgery (SSRF)

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Access Control
Potential Impacts:
Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism
Applicable Platforms
Technologies: AI/ML, Web Based, Web Server
View CWE Details
https://github.com/priyankark/a11y-mcp/
https://github.com/priyankark/a11y-mcp/
https://github.com/priyankark/a11y-mcp/commit/e3e11c9e8482b…
https://github.com/priyankark/a11y-mcp/commit/e3e11c9e8482bd06b82fd9fced67be485…
https://github.com/wing3e/public_exp/issues/17
https://github.com/wing3e/public_exp/issues/17
https://vuldb.com/submit/780752
https://vuldb.com/submit/780752
https://vuldb.com/vuln/354655
https://vuldb.com/vuln/354655
https://vuldb.com/vuln/354655/cti
https://vuldb.com/vuln/354655/cti