CVE-2026-42260
Severity: HIGH
Open-WebSearch: SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`
Title source: cnaDescription
Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF with the response body returned to the caller. This vulnerability is fixed in 2.1.7.
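A hardened URL guard, added here as an illustration and not the project's fixed code, that closes both gaps named in the description: it unwraps a bracketed IPv6 literal before classifying the address, and it separates the syntactic check from a second check over the addresses the name actually resolves to, so a hostname pointing into a private range is rejected instead of passed through. Function names and the private-range list are assumptions for this example.

```typescript
import { isIP } from "node:net";
import { promises as dns } from "node:dns";
// Private, loopback, link-local, CGNAT and unspecified ranges (assumed policy list; extend as needed).
export function isPrivateOrLocalAddress(ip: string): boolean {
  const v = isIP(ip);
  if (v === 4) {
    const [a, b] = ip.split(".").map(Number);
    return a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168) || (a === 100 && b >= 64 && b <= 127);
  }
  if (v === 6) {
    const h = ip.toLowerCase();
    if (h === "::" || h === "::1") return true;                  // unspecified / loopback
    if (/^fe[89ab]/.test(h) || /^f[cd]/.test(h)) return true;   // link-local / unique-local
    // IPv4-mapped, in dotted (::ffff:10.0.0.1) or hex (::ffff:a00:1) form: check the inner IPv4.
    const m = h.match(/^::ffff:(.+)$/);
    if (m) {
      if (isIP(m[1]) === 4) return isPrivateOrLocalAddress(m[1]);
      const [hi, lo] = m[1].split(":").map((x) => parseInt(x, 16));
      return isPrivateOrLocalAddress(`${hi >> 8}.${hi & 255}.${lo >> 8}.${lo & 255}`);
    }
  }
  return false;
}

// Step 1 (syntactic): reject non-http(s), localhost and private/local IP literals. WHATWG URL keeps an
// IPv6 literal bracketed in .hostname ("[::1]"), which isIP() does not recognise, so unwrap it first.
export function hostNeedingResolution(raw: string): { reject: boolean; host: string } {
  let url: URL;
  try { url = new URL(raw); } catch { return { reject: true, host: "" }; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return { reject: true, host: url.hostname };
  const host = url.hostname.replace(/^\[|\]$/g, "");
  if (host === "localhost" || host.endsWith(".localhost")) return { reject: true, host };
  if (isIP(host)) return { reject: isPrivateOrLocalAddress(host), host };
  return { reject: false, host };   // a DNS name: must be resolved and re-checked before any request
}

// Step 2 (semantic): every address the name resolves to must be public; no answer means no request.
export function resolvedAddressesArePublic(addrs: string[]): boolean {
  return addrs.length > 0 && addrs.every((a) => !isPrivateOrLocalAddress(a));
}

// Full guard for production use: runs step 1, resolves with dns.lookup, then runs step 2.
export async function assertPublicHttpUrl(raw: string): Promise<void> {
  const { reject, host } = hostNeedingResolution(raw);
  if (reject) throw new Error(`blocked host: ${host}`);
  if (isIP(host)) return;
  const answers = await dns.lookup(host, { all: true });
  if (!resolvedAddressesArePublic(answers.map((a) => a.address))) throw new Error(`blocked host: ${host}`);
}
```

Resolving and checking is still a separate step from connecting, so the fetch that follows should connect to the address that passed the check rather than resolving the name a second time.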
References (1)
x_refsource_confirm: https://github.com/Aas-ee/open-webSearch/security/advisories/GHSA-v228-72c7-fx8j
Scores
CVSS v3
8.2
EPSS
0.0004
EPSS Percentile
11.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (2)
Aas-ee/open-webSearch
< 2.1.7
npm/open-websearch
0 - 2.1.7 (npm)
Published
May 12, 2026
Tracked Since
May 12, 2026