CVE-2026-49857: auth-fetch-mcp has SSRF Protection Bypass via IPv4-mapped IPv6 Loopback

CVSS 7.4 (HIGH). Not listed in CISA KEV. Impact type: vulnerability.

📋 Vulnerability Details

CVE ID: CVE-2026-49857
Vendor: npm
Affected product: auth-fetch-mcp (v3.0.1)
Vulnerability type: SSRF protection bypass
CVSS score: 7.4 (HIGH)
Actively exploited: no known exploitation
Patch status: see vendor advisory
Reported by: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

SSRF Protection Bypass via IPv4-mapped IPv6 Loopback

Summary

auth-fetch-mcp v3.0.1 implements SSRF protection in assertSafeUrl() (src/security.ts) to block requests to private and loopback addresses. However, the isPrivateV6() function does not detect IPv4-mapped IPv6 loopback addresses in their hex-normalized form. When an attacker supplies a URL such as http://[::ffff:127.0.0.1]:PORT/, the Node.js WHATWG URL parser silently normalizes the host to [::ffff:7f00:1]. The check hands the part after the ::ffff: prefix to net.isIPv4(), which only accepts the dotted-quad form: net.isIPv4('7f00:1') returns false, the private-IP check is bypassed, and the URL is passed to the browser or HTTP client, allowing the MCP tool to reach loopback services that are supposed to be blocked. The issue is exploitable under default configuration without any special environment variable a

The underlying mistake is testing the spelling the caller supplied rather than the canonical address. The same IPv6 address has several textual forms (::ffff:127.0.0.1, ::ffff:7f00:1, 0:0:0:0:0:ffff:7f00:1), and the WHATWG parser always serializes the compressed hex form, so a string-prefix check on one spelling misses the others. The safe pattern is to canonicalize the host into its numeric form (eight 16-bit groups for IPv6, four octets for IPv4) and compare ranges numerically; a literal-host check also does nothing for DNS names that resolve to loopback or for redirects, which a complete fix must handle at connection time.

🎯 Known Indicators of Compromise

URL pattern: http://[::ffff:127.0.0.1]:PORT/ (confidence score 0.82, first seen 2026-07-01, 1 source). PORT is a placeholder for the loopback service being targeted, so this is the request shape to hunt for in the MCP tool's logs rather than an attacker-controlled address; because the URL parser normalizes the host before the request is sent, the same target also appears in outbound traffic as [::ffff:7f00:1].
