CVE-2026-45609

HIGH 7.2

mcp-security: Unvalidated URL Fetching (SSRF)

CVSS Score

7.2

EPSS Score

0.0%

EPSS Percentile

8th

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to the network. This only affects installations with Dynamic Client Registration (DCR) enabled This vulnerability is fixed in 0.1.9.

CWE	CWE-918
Vendor	spring-ai-community
Product	mcp-security
Published	May 29, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for spring-ai-community mcp-security

Be the first to know when new high vulnerabilities affecting spring-ai-community mcp-security are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

spring-ai-community / mcp-security

< 0.1.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/spring-ai-community/mcp-security/security/advisories/GHSA-qjp4-4jvr-xqg3