Vulnerability Description
FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenAPI specification containing $ref values pointing to internal network addresses, cloud metadata endpoints, or local files will cause the library to fetch those resources during the initialize() call. This enables Server-Side Request Forgery (SSRF) and local file read attacks when processing untrusted OpenAPI specifications. This vulnerability is fixed in 2.3.0.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Agentfront | @Frontmcp/Adapters | < 1.0.4 |
| Agentfront | @Frontmcp/Sdk | < 1.0.4 |
| Agentfront | Frontmcp | < 1.0.4 |
| Frontmcp | Mcp-From-Openapi | < 2.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/agentfront/frontmcp/releases/tag/v1.0.4 (Product)
- https://github.com/agentfront/frontmcp/security/advisories/GHSA-v6ph-xcq9-qxxj (Exploit, Vendor Advisory)
FAQ
What is CVE-2026-39885?
CVE-2026-39885 is a vulnerability with a CVSS score of 7.5 (HIGH). FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in Ope...
How severe is CVE-2026-39885?
CVE-2026-39885 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-39885?
Check the references section above for vendor advisories and patch information. Affected products include: Agentfront @Frontmcp/Adapters, Agentfront @Frontmcp/Sdk, Agentfront Frontmcp, Frontmcp Mcp-From-Openapi.