CVE-2026-7158
Published: 27 April 2026
Summary
CVE-2026-7158 is a high-severity SSRF (CWE-918) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 15.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mandates validation of the manipulated 'url' argument in _validate_url_safe to prevent SSRF exploitation.
Enforces boundary protections to monitor and control outbound requests from the server, blocking unauthorized internal or external resource access via SSRF.
Controls information flows to enforce policies that restrict the server from making unintended requests based on forged URLs.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The SSRF vulnerability in a public-facing server component directly enables remote exploitation of the application.
NVD Description
A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function _validate_url_safe of the file src/mcp_url_downloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack can be executed remotely.
The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysis
CVE-2026-7158 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting the dmitryglhf mcp-url-downloader project up to commit 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. The issue resides in the _validate_url_safe function within the file src/mcp_url_downloader/server.py, where improper handling of the 'url' argument enables the forgery. This open-source project uses a rolling release model, making specific affected or patched version information unavailable.
Remote attackers require no privileges or user interaction and can exploit the vulnerability over the network with low attack complexity, as indicated by its CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation allows limited impacts on confidentiality, integrity, and availability through SSRF, potentially enabling attackers to induce the server to make unintended requests to internal or external resources.
Advisories from VulDB and the project's GitHub repository (dmitryglhf/url-download-mcp/issues/2) confirm the issue was reported early via an issue tracker, but the maintainers have not yet responded or issued patches. The exploit has been publicly disclosed and may be actively used, so practitioners should review deployments up to the specified commit and implement network-level controls or input validation as interim mitigations.
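As an illustration of the input-validation mitigation named above, the following added example (not the project's `_validate_url_safe` and not taken from the advisory) shows a URL check that judges the resolved addresses rather than the hostname string. The names `check_url` and `system_resolver`, and the hostnames and DNS answers in the demo, are hypothetical and constructed for this sketch.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def system_resolver(host, port):
    """Every address the OS resolver returns for host (A and AAAA)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def check_url(url, resolver=system_resolver):
    """Hypothetical validator: returns (ok, reason, addresses_to_connect_to)."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        if scheme not in ALLOWED_SCHEMES:
            return False, "scheme not allowed", []
        if not parts.hostname or parts.username or parts.password:
            return False, "missing host or embedded credentials", []
        port = parts.port or (443 if scheme == "https" else 80)
        addrs = resolver(parts.hostname, port)
    except (ValueError, OSError):
        return False, "malformed URL or unresolvable host", []
    if not addrs:
        return False, "host has no addresses", []
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])  # strip IPv6 zone id
        # Judge ::ffff:a.b.c.d by the IPv4 address it maps to.
        ip = getattr(ip, "ipv4_mapped", None) or ip
        if not ip.is_global:
            # One internal record is enough to reject the whole host.
            return False, f"{ip} is not a public address", []
    return True, "ok", addrs

if __name__ == "__main__":
    # Constructed DNS answers so the demo runs offline.
    answers = {"files.example": ["93.184.216.34"],
               "metadata.example": ["169.254.169.254"]}
    for u in ("https://files.example/a.pdf", "http://metadata.example/latest/"):
        print(u, check_url(u, lambda h, p: answers[h]))
```

The fetch should connect to the returned addresses rather than resolve the hostname a second time, and every redirect target needs the same check. Network-level egress filtering (SC-7) remains necessary as a second layer.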
Details
- CWE(s)
AI Security Analysis
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp