CVE-2025-9611

HIGH

Microsoft Playwright MCP Server <0.0.40 - SSRF

Title source: llm

Description

Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended invocation of MCP tool endpoints.

References (3)

[Third Party Advisory] https://www.vulncheck.com/advisories/microsoft-playwright-mcp-server-dns-rebinding-via-missing-origin-header-validation

[Patch] https://github.com/microsoft/playwright/commit/1313fbd

View Patch ZIP pw:eip

[Vendor Advisory] https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-8rgw-6xp9-2fg3

Scores

CVSS v4 7.2

EPSS 0.0026

EPSS Percentile 49.4%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-749

Status published

Products (2)

Microsoft/Playwright < 0.0.40

playwright/mcp 0 - 0.0.40npm

Published Jan 07, 2026

Tracked Since Feb 18, 2026