CVE-2026-5832
Published: 09 April 2026
Summary
CVE-2026-5832 is a high-severity SSRF (CWE-918) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates SSRF by requiring validation of the source/url argument to ensure only legitimate and safe URLs are processed by the affected functions.
Boundary protection enforces network-level restrictions on outbound HTTP requests from the vulnerable server, preventing forged requests to internal or unauthorized external resources.
Information flow enforcement policies limit the destinations to which the HTTP server can send requests, blocking SSRF attempts to unapproved internal services.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes an unauthenticated remote SSRF vulnerability in a public-facing HTTP interface (functions like test_http_endpoint), directly enabling exploitation of a public-facing application as per T1190.
NVD Description
A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_test_scenarios/test_http_endpoint of the file src/mcp/http-server.ts of the component HTTP Interface. This manipulation of the argument source/url causes server-side request forgery. The attack is possible to…
more
be carried out remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-5832 is a server-side request forgery (SSRF) vulnerability in the atototo api-lab-mcp software up to version 0.2.1. It affects the HTTP Interface component, specifically the functions analyze_api_spec, generate_test_scenarios, and test_http_endpoint in the file src/mcp/http-server.ts. The flaw arises from improper handling of the source/url argument, allowing manipulation that leads to SSRF.
Remote attackers can exploit this vulnerability without authentication or user interaction, as indicated by the CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation enables limited impacts on confidentiality, integrity, and availability, potentially allowing attackers to forge requests to internal or external resources from the vulnerable server.
Advisories note that the project was informed early via an issue report at https://github.com/atototo/api-lab-mcp/issues/4 but has not responded. No patches or mitigations are mentioned in available references, including the project repository at https://github.com/atototo/api-lab-mcp/ and VulDB entries at https://vuldb.com/submit/789765 and https://vuldb.com/vuln/356288. A public exploit is available at https://github.com/BruceJqs/public_exp/issues/6, increasing the risk of attacks.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp, mcp