CVE-2026-5346
Published: 02 April 2026
Summary
CVE-2026-5346 is a high-severity SSRF (CWE-918) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 16.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- SI-10 (Information Input Validation): Directly mitigates SSRF by validating and sanitizing the manipulated 'url' argument in the client.get function before making requests.
- SC-7 (Boundary Protection): Enforces boundary protections to monitor and control server-initiated outbound requests, preventing access to unauthorized internal or external resources via SSRF.
- Controls information flows from the server by enforcing policies that restrict outbound requests based on approved destinations, limiting SSRF exploitation.
MITRE ATT&CK Enterprise Techniques [AI]
- T1190 (Exploit Public-Facing Application)
- T1046 (Network Service Discovery)
Why these techniques?
The SSRF vulnerability in a public-facing web application directly enables exploitation via T1190; the ability to force server requests to internal resources facilitates network service discovery (T1046).
NVD Description
A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis [AI]
CVE-2026-5346 is a server-side request forgery (SSRF) vulnerability affecting huimeicloud hm_editor versions up to 2.2.3. The issue resides in the client.get function within the src/mcp-server.js file of the image-to-base64 endpoint, where manipulation of the url argument enables the forgery. Classified under CWE-918, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-04-02.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling attackers to make unauthorized requests from the server to internal or external resources.
Advisories from VulDB and a related GitHub issue in wing3e/public_exp detail the vulnerability but note no response from the vendor despite early contact. No patches or official mitigations are available; practitioners should review the references at https://github.com/wing3e/public_exp/issues/11, https://vuldb.com/submit/781341, https://vuldb.com/vuln/354701, and https://vuldb.com/vuln/354701/cti for exploit details and consider network controls or endpoint restrictions as interim measures.
The exploit has been publicly disclosed and may be utilized, increasing the risk of active exploitation in unpatched environments.
Details
- CWE(s): CWE-918 (Server-Side Request Forgery)
AI Security Analysis [AI]
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: mcp