Description
Azure MCP Server has a Server-Side Request Forgery issue that allows an authorized attacker to elevate privileges over a network
Server-Side Request Forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-26118
- https://github.com/microsoft/mcp/commit/804ff60293206c4d8e832f772097238561bf2c34
- https://github.com/microsoft/mcp/releases/tag/Azure.Mcp.Server-1.0.2
- https://github.com/microsoft/mcp/releases/tag/Azure.Mcp.Server-2.0.0-beta.17
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26118
Packages
- Azure.Mcp: affected >= 2.0.0-beta.1, < 2.0.0-beta.17; fixed in 2.0.0-beta.17
- Azure.Mcp: affected >= 1.0.0, < 1.0.2; fixed in 1.0.2
- @azure/mcp: affected >= 2.0.0-beta.1, < 2.0.0-beta.17; fixed in 2.0.0-beta.17
- msmcp-azure: affected >= 2.0.0b14, < 2.0.0b17; fixed in 2.0.0b17
- @azure/mcp: affected >= 1.0.0, < 1.0.2; fixed in 1.0.2
Related vulnerabilities
Server-side request forgery (SSRF) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
Azure MCP Server Tools Elevation of Privilege Vulnerability
A vulnerability in the Azure MCP Server Tools service, related to insufficient validation of server-side requests, that allows an attacker to elevate their privileges