HIGH 8.8 NuGet
Azure MCP Server has Server-Side Request Forgery issue that allows authorized attacker to elevate privileges over a network
GHSA-hhfx-wfvq-7g9c · CVE-2026-26118
Published · Modified
Description
Server-Side Request Forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-26118
- WEB https://github.com/microsoft/mcp/commit/804ff60293206c4d8e832f772097238561bf2c34
- PACKAGE https://github.com/microsoft/mcp
- WEB https://github.com/microsoft/mcp/releases/tag/Azure.Mcp.Server-1.0.2
- WEB https://github.com/microsoft/mcp/releases/tag/Azure.Mcp.Server-2.0.0-beta.17
- WEB https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26118
Ready to move
Start Securing
Free, no credit card | First findings in minutes