{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7094", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-26T08:52:00.971Z", "datePublished": "2026-04-27T06:15:13.569Z", "dateUpdated": "2026-04-27T13:29:31.941Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-27T06:15:13.569Z"}, "title": "ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "Server-Side Request Forgery"}]}], "affected": [{"vendor": "ShadowCloneLabs", "product": "GlutamateMCPServers", "versions": [{"version": "e2de73280b01e5d943593dd1aa2c01c5b9112f78", "status": "affected"}], "modules": ["puppeteer_navigate"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteer_navigate. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-26T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-26T10:57:05.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "BruceJin (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/359669", "name": "VDB-359669 | ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359669/cti", "name": "VDB-359669 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/800725", "name": "Submit #800725 | ShadowCloneLabs GlutamateMCPServers Commit e2de73280b01e5d943593dd1aa2c01c5b9112f78 Server-Side Request Forgery", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ShadowCloneLabs/GlutamateMCPServers/issues/8", "tags": ["issue-tracking"]}, {"url": "https://github.com/BruceJqs/public_exp/issues/7", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/ShadowCloneLabs/GlutamateMCPServers/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T13:13:07.373897Z", "id": "CVE-2026-7094", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:29:31.941Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7094", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T13:13:07.373897Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T13:13:08.417Z"}}], "cna": {"title": "ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery", "credits": [{"lang": "en", "type": "reporter", "value": "BruceJin (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "ShadowCloneLabs", "modules": ["puppeteer_navigate"], "product": "GlutamateMCPServers", "versions": [{"status": "affected", "version": "e2de73280b01e5d943593dd1aa2c01c5b9112f78"}]}], "timeline": [{"lang": "en", "time": "2026-04-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-26T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-26T10:57:05.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/359669", "name": "VDB-359669 | ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359669/cti", "name": "VDB-359669 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/800725", "name": "Submit #800725 | ShadowCloneLabs GlutamateMCPServers Commit e2de73280b01e5d943593dd1aa2c01c5b9112f78 Server-Side Request Forgery", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ShadowCloneLabs/GlutamateMCPServers/issues/8", "tags": ["issue-tracking"]}, {"url": "https://github.com/BruceJqs/public_exp/issues/7", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/ShadowCloneLabs/GlutamateMCPServers/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteer_navigate. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-27T06:15:13.569Z"}}}, "cveMetadata": {"cveId": "CVE-2026-7094", "state": "PUBLISHED", "dateUpdated": "2026-04-27T13:29:31.941Z", "dateReserved": "2026-04-26T08:52:00.971Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-27T06:15:13.569Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shadowclonelabs:glutamate_mcp_servers:*:*:*:*:*:*:*:*", "matchCriteriaId": "64B4641C-DFF2-4C3B-B755-A1D703DE5152", "versionEndIncluding": "2025-06-26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteer_navigate. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet."}], "id": "CVE-2026-7094", "lastModified": "2026-05-01T20:30:09.597", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-27T07:16:04.893", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking"], "url": "https://github.com/BruceJqs/public_exp/issues/7"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/ShadowCloneLabs/GlutamateMCPServers/"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/ShadowCloneLabs/GlutamateMCPServers/issues/8"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/submit/800725"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/vuln/359669"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/vuln/359669/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "e2de73280b01e5d943593dd1aa2c01c5b9112f78"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "GlutamateMCPServers", "source": "cna", "vendor": "ShadowCloneLabs"}, "product": "glutamatemcpservers", "vendor": "shadowclonelabs"}], "analysis": {"en": {"generated_at": "2026-04-28T13:10:34.112212+00:00", "value": {"mitigation_remediation": ["Upgrade to a version of GlutamateMCPServers released after the commit e2de73280b01e5d943593dd1aa2c01c5b9112f78 that contains the SSRF fix (if available).", "Implement outbound request filtering or a whitelist that limits which external hosts the server may contact, thereby mitigating potential SSRF exploitation.", "If the puppeteer_navigate feature is not needed, disable or remove the function to eliminate the vulnerable code path."], "summary": {"action": "Assess Impact", "impact": "Server Side Request Forgery"}, "threat_synthesis": {"affected_systems": "The flaw affects ShadowCloneLabs GlutamateMCPServers up to commit e2de73280b01e5d943593dd1aa2c01c5b9112f78. Because the project uses a rolling\u2011release continuous delivery model, no specific version numbers are disclosed; any deployment running the affected code base is potentially vulnerable.", "description_and_impact": "An attacker can manipulate the URL argument passed to the puppeteer_navigate function in src/puppeteer/index.ts and force the server to make outbound HTTP requests to arbitrary destinations. This server\u2011side request forgery can expose internal network services, exfiltrate data, or facilitate further lateral movement. The vulnerability is exploitable remotely and has been publicly disclosed, indicating that malicious actors could already target vulnerable instances.", "risk_and_exploitability": "The CVSS score of 6.9 reflects a moderate severity, and the EPSS score of <\u202f1\u202f% indicates a very low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require the attacker to supply a crafted URL to the vulnerable endpoint, which can be performed from an arbitrary remote location, then the server will issue an outbound request."}}}}, "created": "2026-04-27T19:51:36.353653+00:00", "updated": "2026-04-28T13:15:31.882565+00:00", "vendors": ["shadowclonelabs", "shadowclonelabs$PRODUCT$glutamatemcpservers"]}