Skip to content

CVE lookup

CVE-2026-49857

Pruva has a verified reproduction for CVE-2026-49857: auth-fetch-mcp SSRF via IPv4-mapped IPv6 loopback bypass. The canonical evidence record is REPRO-2026-00205.

REPRO

REPRO-2026-00205

Package

ymw0407/auth-fetch-mcp · npm

Severity

HIGH

Status

published