PatchSiren cyber security CVE debrief
CVE-2026-46341 apify CVE debrief
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T18:16:43.913Z and has not been modified since then. The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool in src/tools/common/fetch_apify_docs.ts validates allowlisted documentation domains with String.startsWith() rather than URL hostname comparison, allowing attacker-controlled URLs to pass the ALLOWED_DOC_DOMAINS check and return arbitrary fetched content to the LLM. This issue is fixed in version 0.9.21. Users of Apify MCP server versions prior to 0.9.21 should review and update their installations to prevent potential data extraction by attacker-controlled URLs.
- Vendor
- apify
- Product
- apify-mcp-server
- CVSS
- MEDIUM 6.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-16
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-16
- Advisory updated
- 2026-07-16
Who should care
Users of Apify MCP server versions prior to 0.9.21, operators, and security teams should review and update their installations to prevent potential data extraction by attacker-controlled URLs. Affected product deployments in managed environments require an owner for follow-up and compensating controls for exposed systems while remediation is scheduled and verified.
Technical summary
The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool in src/tools/common/fetch_apify_docs.ts validates allowlisted documentation domains with String.startsWith() rather than URL hostname comparison, allowing attacker-controlled URLs to pass the ALLOWED_DOC_DOMAINS check and return arbitrary fetched content to the LLM. This issue is fixed in version 0.9.21. The CVSS score of 6.1 indicates a medium priority for defensive actions.
Defensive priority
Medium priority given the CVSS score of 6.1 and the potential for data extraction. Defenders should focus on reviewing and updating Apify MCP server installations, verifying allowlisted documentation domains, and monitoring for potential data extraction attempts.
Recommended defensive actions
- Review and update Apify MCP server installations to version 0.9.21 or later
- Verify allowlisted documentation domains are properly validated using URL hostname comparison
- Monitor for potential data extraction attempts using attacker-controlled URLs
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
Evidence is limited to the supplied source corpus. Further verification is needed to confirm the scope of affected systems, potential impact, and validate allowlisted documentation domains. Defenders should verify URL hostname comparison and monitor for potential data extraction attempts using attacker-controlled URLs.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T18:16:43.913Z and has not been modified since then.