Description

FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenAPI specification containing $ref values pointing to internal network addresses, cloud metadata endpoints, or local files will cause the library to fetch those resources during the initialize() call. This enables Server-Side Request Forgery (SSRF) and local file read attacks when processing untrusted OpenAPI specifications. This vulnerability is fixed in 2.3.0.

INFO

Published Date :

2026-04-08T20:34:20.538Z

Last Modified :

2026-04-09T16:16:59.067Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-39885 vulnerability.

Vendors Products
Agentfront
  • Frontmcp
Frontmcp
  • Mcp-from-openapi
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-39885.

URL Resource
https://github.com/agentfront/frontmcp/releases/tag/v1.0.4 cve-icon cve-icon
https://github.com/agentfront/frontmcp/security/advisories/GHSA-v6ph-xcq9-qxxj cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact