CVE-2026-10274

MEDIUM 6.3

indrasishbanerjee aem-mcp-server Axios Request Flow mcp-server.ts getAssetMetadata server-side request forgery

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-918
Vendor	indrasishbanerjee
Product	aem-mcp-server
Published	Jun 1, 2026
Last Updated	Jun 1, 2026

Stay Ahead of the Next One

Get instant alerts for indrasishbanerjee aem-mcp-server

Be the first to know when new medium vulnerabilities affecting indrasishbanerjee aem-mcp-server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

indrasishbanerjee / aem-mcp-server

b5f833aef9b5dfd17a5991b3b18a8a11edbdc583

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/367553 vuldb.com: https://vuldb.com/vuln/367553/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10274 vuldb.com: https://vuldb.com/submit/825401 github.com: https://github.com/indrasishbanerjee/aem-mcp-server/issues/3 github.com: https://github.com/indrasishbanerjee/aem-mcp-server/

Credits

🔍 ccccccctfi (VulDB User) VulDB CNA Team