CVE-2026-7417

High

Published: 29 April 2026

Published

29 April 2026

Modified

30 April 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0006 18.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7417 is a high-severity SSRF (CWE-918) vulnerability. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly requires validation of the media_paths input argument to block malicious URLs that enable SSRF in the xhs_publish_content function.

SI-2 Flaw Remediation good match

prevent

Mandates identification, reporting, and correction of the specific SSRF flaw in src/server/mcp.server.ts, including patching despite the project's lack of response.

SC-7 Boundary Protection partial match

prevent

Boundary protection monitors and controls outbound communications to block SSRF exploitation attempts to arbitrary internal or external destinations.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

SSRF vulnerability in unauthenticated public-facing MCP server component directly enables initial access via exploitation of public-facing application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument media_paths results in server-side request forgery. The attack may be initiated remotely.…

The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Deeper analysisAI

CVE-2026-7417 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, in Algovate xhs-mcp version 0.8.11. The flaw resides in the xhs_publish_content function within the file src/server/mcp.server.ts of the MCP Interface component, where manipulation of the media_paths argument enables the SSRF condition.

Remote attackers can exploit this vulnerability without authentication, privileges, or user interaction and with low attack complexity, as indicated by its CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling attackers to forge requests from the server to arbitrary destinations.

The project was informed of the issue early via a GitHub issue report but has not responded as of the CVE publication on 2026-04-29. No patches or official mitigations are available in the referenced advisories. An exploit has been publicly disclosed, with details in GitHub issues on the project repository and a public exploit repository, as well as VulDB entries.