CVE lookup
CVE-2026-49857
Pruva has a verified reproduction for CVE-2026-49857: auth-fetch-mcp SSRF via IPv4-mapped IPv6 loopback bypass. The canonical evidence record is REPRO-2026-00205.
REPRO
REPRO-2026-00205
Package
ymw0407/auth-fetch-mcp · npm
Severity
HIGH
Status
published