Description
mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to the network. This only affects installations with Dynamic Client Registration (DCR) enabled This vulnerability is fixed in 0.1.9.
Published: 2026-05-29
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-qjp4-4jvr-xqg3 Spring AI MCP Security: Unvalidated URL Fetching (SSRF)
History

Wed, 03 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Springaicommunity
Springaicommunity mcp Security
CPEs cpe:2.3:a:springaicommunity:mcp_security:*:*:*:*:*:*:*:*
Vendors & Products Springaicommunity
Springaicommunity mcp Security

Tue, 02 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 May 2026 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Spring-ai-community
Spring-ai-community mcp-security
Vendors & Products Spring-ai-community
Spring-ai-community mcp-security

Fri, 29 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) security specifications. Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to the network. This only affects installations with Dynamic Client Registration (DCR) enabled This vulnerability is fixed in 0.1.9.
Title mcp-security: Unvalidated URL Fetching (SSRF)
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N'}


Subscriptions

Spring-ai-community Mcp-security
Springaicommunity Mcp Security
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-02T01:21:35.943Z

Reserved: 2026-05-12T20:31:43.447Z

Link: CVE-2026-45609

cve-icon Vulnrichment

Updated: 2026-06-02T01:21:31.186Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-29T15:16:23.463

Modified: 2026-06-03T14:08:48.140

Link: CVE-2026-45609

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T15:49:32Z

Weaknesses