ReportizFlow
Filtered by vendor Aas-ee
Subscriptions
Filtered by product Open-websearch
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42260 | 1 Aas-ee | 1 Open-websearch | 2026-05-13 | 8.2 High |
| Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not recognize bracketed IPv6 literals and do not resolve DNS, which combine to allow non-blind SSRF with the response body returned to the caller. This vulnerability is fixed in 2.1.7. | ||||
Page 1 of 1.