CVE-2026-26118

HIGH

Azure MCP Server - SSRF

Title source: llm

Description

Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.

Exploits (3)

github SCANNER 10 stars
by XiaomingX · python · poc
https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-26118

nomisec WRITEUP
by j-dahl7 · poc
https://github.com/j-dahl7/mcp-attack-detection-sentinel

nomisec SCANNER
by piiiico · poc
https://github.com/piiiico/mcp-check

Scores

CVSS v3 8.8
EPSS 0.0004
EPSS Percentile 13.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-918
Status published
Products (11)
azure/mcp 2.0.0-beta.1 - 2.0.0-beta.17 (npm)
microsoft/azure_mcp_server 2.0.0 beta1 (16 CPE variants)
microsoft/azure_mcp_server < 2.0.0
Microsoft/Azure MCP Server Tools 1.0.0 - 2.0.0-beta.17
Microsoft/Azure MCP Server Tools 1.0.0 (npm) 1.0.0 - 1.0.2
Microsoft/Azure MCP Server Tools 1.0.0 (NuGet) 1.0.0 - 1.0.2
Microsoft/Azure MCP Server Tools 2.0.0 (npm) 2.0.0-beta.1 - 2.0.0-beta.17
Microsoft/Azure MCP Server Tools 2.0.0 (NuGet) 2.0.0-beta.1 - 2.0.0-beta.17
Microsoft/Azure MCP Server Tools 2.0.0 (PyPI) 2.0.0-beta.1 - 2.0.0-beta.17
nuget/Azure.Mcp 2.0.0-beta.1 - 2.0.0-beta.17 (NuGet)
... and 1 more
Published Mar 10, 2026
Tracked Since Mar 11, 2026