Cyber Resilience

CVE-2026-7417

Medium

Published: 29 April 2026

Published
29 April 2026
Modified
30 April 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0002 6.0th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7417 is a medium-severity SSRF (CWE-918) vulnerability. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 6.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-7417 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, in Algovate xhs-mcp version 0.8.11. The flaw resides in the xhs_publish_content function within the file src/server/mcp.server.ts of the MCP Interface component, where manipulation of the media_paths argument enables the SSRF condition.

Remote attackers can exploit this vulnerability without authentication, privileges, or user interaction and with low attack complexity, as indicated by its CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling attackers to forge requests from the server to arbitrary destinations.

The project was informed of the issue early via a GitHub issue report but has not responded as of the CVE publication on 2026-04-29. No patches or official mitigations are available in the referenced advisories. An exploit has been publicly disclosed, with details in GitHub issues on the project repository and a public exploit repository, as well as VulDB entries.

EU & UK References

Vulnerability details

A vulnerability was found in Algovate xhs-mcp 0.8.11. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument media_paths results in server-side request forgery. The attack may be initiated remotely.…

more

The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

SSRF vulnerability in unauthenticated public-facing MCP server component directly enables initial access via exploitation of public-facing application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7147Shared CWE-918
CVE-2026-7146Shared CWE-918
CVE-2026-7221Shared CWE-918
CVE-2026-32871Shared CWE-918
CVE-2025-0454Shared CWE-918
CVE-2026-5832Shared CWE-918
CVE-2026-42260Shared CWE-918
CVE-2026-7158Shared CWE-918
CVE-2026-6514Shared CWE-918
CVE-2026-44116Shared CWE-918

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of the media_paths input argument to block malicious URLs that enable SSRF in the xhs_publish_content function.

prevent

Mandates identification, reporting, and correction of the specific SSRF flaw in src/server/mcp.server.ts, including patching despite the project's lack of response.

prevent

Boundary protection monitors and controls outbound communications to block SSRF exploitation attempts to arbitrary internal or external destinations.

References