pruva-verify REPRO-2026-00205

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00205/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh

Target repo: https://github.com/ymw0407/auth-fetch-mcp
Vulnerable package: auth-fetch-mcp (npm)
Affected versions: <=3.0.1; fixed in 3.0.2

assertSafeUrl() in src/security.ts calls isPrivateV6(), which checks for a ::ffff: prefix and then runs net.isIPv4() on the remaining suffix. The Node.js WHATWG URL parser hex-normalizes ::ffff:127.0.0.1 to ::ffff:7f00:1, so net.isIPv4('7f00:1') returns false and the loopback address bypasses the private-IP guard.

Reproduction: install auth-fetch-mcp@3.0.1, run the MCP server with default settings, and invoke the auth_fetch or download_media tool with the URL http://[::ffff:127.0.0.1]:/. The server fetches the loopback URL and returns the response, confirming SSRF.

The advisory provides a detailed trace through src/tools.ts, src/browser.ts, and src/extractor.ts.
Variant analysis
The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.