CVE-2026-5470
MEDIUMmixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgery
Title source: cnaDescription
A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protocol Handler. The manipulation of the argument URL leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Core 4
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-355074 | mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgery
https://vuldb.com/vuln/355074
Signature, Permissions Required signature
permissions-required
VDB-355074 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/355074/cti
Third Party Advisory third-party-advisory
Submit #781778 | mixelpixx google-search-mcp 0.1.0 Server-Side Request Forgery
https://vuldb.com/submit/781778
Exploit exploit
issue-tracking
https://github.com/wing3e/public_exp/issues/21
Scores
CVSS v3
6.3
EPSS
0.0021
EPSS Percentile
10.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (2)
mixelpixx/Google-Research-MCP
1e062d7bd887bfe5f6e582b6cc288bb897b35cf2
mixelpixx/Google-Research-MCP
ca613b736ab787bc926932f59cddc69457185a83
Published
Apr 03, 2026
Tracked Since
Apr 03, 2026