Cyber Resilience

CVE-2026-5832

Medium

Published: 09 April 2026

Published
09 April 2026
Modified
24 April 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0006 20.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5832 is a medium-severity SSRF (CWE-918) vulnerability. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-5832 is a server-side request forgery (SSRF) vulnerability in the atototo api-lab-mcp software up to version 0.2.1. It affects the HTTP Interface component, specifically the functions analyze_api_spec, generate_test_scenarios, and test_http_endpoint in the file src/mcp/http-server.ts. The flaw arises from improper handling of the source/url argument, allowing manipulation that leads to SSRF.

Remote attackers can exploit this vulnerability without authentication or user interaction, as indicated by the CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation enables limited impacts on confidentiality, integrity, and availability, potentially allowing attackers to forge requests to internal or external resources from the vulnerable server.

Advisories note that the project was informed early via an issue report at https://github.com/atototo/api-lab-mcp/issues/4 but has not responded. No patches or mitigations are mentioned in available references, including the project repository at https://github.com/atototo/api-lab-mcp/ and VulDB entries at https://vuldb.com/submit/789765 and https://vuldb.com/vuln/356288. A public exploit is available at https://github.com/BruceJqs/public_exp/issues/6, increasing the risk of attacks.

EU & UK References

Vulnerability details

A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_test_scenarios/test_http_endpoint of the file src/mcp/http-server.ts of the component HTTP Interface. This manipulation of the argument source/url causes server-side request forgery. The attack is possible to…

more

be carried out remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CVE describes an unauthenticated remote SSRF vulnerability in a public-facing HTTP interface (functions like test_http_endpoint), directly enabling exploitation of a public-facing application as per T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7147Shared CWE-918
CVE-2026-7146Shared CWE-918
CVE-2026-7221Shared CWE-918
CVE-2026-32871Shared CWE-918
CVE-2025-0454Shared CWE-918
CVE-2026-42260Shared CWE-918
CVE-2026-7158Shared CWE-918
CVE-2026-7417Shared CWE-918
CVE-2026-6514Shared CWE-918
CVE-2026-44116Shared CWE-918

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates SSRF by requiring validation of the source/url argument to ensure only legitimate and safe URLs are processed by the affected functions.

prevent

Boundary protection enforces network-level restrictions on outbound HTTP requests from the vulnerable server, preventing forged requests to internal or unauthorized external resources.

prevent

Information flow enforcement policies limit the destinations to which the HTTP server can send requests, blocking SSRF attempts to unapproved internal services.

References