HIGH
spring-ai-community
CVE published 2026-05-29
CVE-2026-45609
A Server-Side Request Forgery (SSRF) vulnerability exists in the mcp-security framework for Spring AI's Model Context Protocol (MCP) implementation. The framework fails to validate untrusted URLs during OAuth-related discovery and metadata retrieval, allowing attackers to induce the server to make requests to malicious or internal network targets. This vulnerability is only exploitable when Dynamic Client [truncated]
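One way to vet a discovery or metadata URL before the server fetches it, as an added example that is not code from mcp-security or Spring AI. The class `MetadataUrlGuard`, its methods and the sample URLs are hypothetical, and the https-only rule is an assumed policy.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;

/** Hypothetical guard (added example, not part of mcp-security). */
public final class MetadataUrlGuard {

    /** Returns the vetted addresses for the URL, or throws if it must not be fetched. */
    public static InetAddress[] vet(String untrustedUrl) throws UnknownHostException {
        URI uri = URI.create(untrustedUrl).normalize();
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("only https is allowed");
        }
        if (uri.getHost() == null || uri.getUserInfo() != null) {
            throw new IllegalArgumentException("missing host or embedded credentials");
        }
        // Check every resolved address. The HTTP client should connect to these vetted
        // addresses (not re-resolve) and apply vet() again to each redirect target.
        InetAddress[] addrs = InetAddress.getAllByName(uri.getHost());
        for (InetAddress a : addrs) {
            if (isInternal(a)) throw new IllegalArgumentException("internal address: " + a);
        }
        return addrs;
    }

    static boolean isInternal(InetAddress a) {
        byte[] b = a.getAddress();
        boolean uniqueLocalV6 = b.length == 16 && (b[0] & 0xfe) == 0xfc;               // fc00::/7
        boolean cgnat = b.length == 4 && (b[0] & 0xff) == 100 && (b[1] & 0xc0) == 64;  // 100.64.0.0/10
        return a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress() || uniqueLocalV6 || cgnat;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; IP literals so the demo runs without DNS.
        String[] samples = {
            "https://10.0.0.5/.well-known/oauth-authorization-server",
            "https://[::1]/.well-known/oauth-authorization-server",
            "http://192.0.2.10/.well-known/oauth-authorization-server",
            "https://192.0.2.10/.well-known/oauth-authorization-server"
        };
        for (String s : samples) {
            try { vet(s); System.out.println("ALLOW " + s); }
            catch (IllegalArgumentException e) { System.out.println("BLOCK " + s + " (" + e.getMessage() + ")"); }
        }
    }
}
```

A deny-list of address ranges is a baseline; where the set of authorization servers is known in advance, an explicit allow-list of issuer hosts is the stricter control.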