CVE-2026-25904

MEDIUM

mcp-run-python - Server-Side Request Forgery via Deno Sandbox Configuration

Title source: llm

Description

The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. Note - the "mcp-run-python" project is archived and unlikely to receive a fix.

References (1)

Core 1

Core References

Various Sources

https://research.jfrog.com/vulnerabilities/mcp-run-python-deno-ssrf-jfsa-2026-001653029/

Scores

CVSS v3 5.8

EPSS 0.0001

EPSS Percentile 2.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

pypi/mcp-run-python 0PyPI

Published Feb 09, 2026

Tracked Since Feb 18, 2026