SSRF Protection Bypass via IPv4-mapped IPv6 Loopback Summary auth-fetch-mcp v3.0.1 implements SSRF protection in assertSafeUrl() (src/security.ts) to block requests to private and loopback addresses. However, the isPriv…
| CVE ID | CVE-2026-49857 |
| Vendor | npm |
| Affected Product | auth-fetch-mcp |
| Vulnerability Type | Vulnerability |
| CVSS Score | 7.4 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
#
auth-fetch-mcp v3.0.1 implements SSRF protection in assertSafeUrl() (src/security.ts) to block requests to private and loopback addresses. However, the isPrivateV6() function fails to detect IPv4-mapped IPv6 loopback addresses in their hex-normalized form. When an attacker supplies a URL such as http://[::ffff:127.0.0.1]:PORT/, the Node.js WHATWG URL parser silently normalizes the host to [::ffff:7f00:1]. Because net.isIPv4('7f00:1') returns false, the private-IP check is bypassed and the URL is passed to the browser or HTTP client, allowing the MCP tool to reach loopback services that are supposed to be blocked. The issue is exploitable under default configuration without any special environment variable aSigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.