CVSS 7.2 HIGH
Vulnerability
CVE-2026-45609: Spring AI MCP Security: Unvalidated URL Fetching (SSRF)
Summary The mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) [security specifications](https://modelcontextprotocol.io/docs/tutorials/security/securit…
7.2CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type
📋 Vulnerability Details
| CVE ID | CVE-2026-45609 |
| Vendor | maven |
| Affected Product | org.springaicommunity:mcp-client-security |
| Vulnerability Type | Vulnerability |
| CVSS Score | 7.2 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
🔬 Technical Analysis
#
Summary The mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol (MCP) [security specifications](https://modelcontextprotocol.io/docs/tutorials/security/security_best_practices#mitigation-3). Specifically, it processes untrusted URLs for OAuth-related discovery and metadata without verifying if the targets are malicious or internal to the network. This only affects installations with Dynamic Client Registration (DCR) enabled: ``properties
spring.ai.mcp.client.authorization.dynamic-client-registration.enabled=true `` DCR does not validate URLs exposed by MCP Servers (protected resource metadata URL, authorization server URL) and Authorization Servers (all OAuth2 endpoints).
Workaround When users need to perform DCR, they m
🎯 Known Indicators of Compromise
{"type":"url","value":"https://modelcontextprotocol.io/docs/tutorials/security/security_best_practices#mitigation-3).","confidence_score":0.82,"first_seen":"2026-05-18","source_count":1}
{"type":"domain","value":"modelcontextprotocol.io","confidence_score":0.75,"first_seen":"2026-05-18","source_count":1}
⚡ DETECTION RULES AVAILABLE
Get CVE-2026-45609 Detection Pack
Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.
✓ Sigma Rules
✓ YARA Pack
✓ IOC Table
✓ SIEM Queries
🛡️ Get Detection Pack →
🔌 Access via API →