VYPR
Medium severity (6.3) · NVD Advisory · Published Jun 1, 2026 · Updated Jun 1, 2026

CVE-2026-10274

Description

The aem-mcp-server project is vulnerable to Server-Side Request Forgery (SSRF) due to improper validation of the assetPath argument in the getAssetMetadata function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

The aem-mcp-server project, specifically up to commit b5f833aef9b5dfd17a5991b3b18a8a11edbdc583, contains a Server-Side Request Forgery (SSRF) vulnerability in the getAssetMetadata function within src/mcp-server.ts [1][2]. The vulnerability exists because the assetPath argument is passed directly to an Axios request without sufficient validation against allowed AEM content roots, allowing a caller to influence the destination of the outbound HTTP request [2].

Exploitation

An attacker must be able to invoke the getAssetMetadata MCP tool or its corresponding JSON-RPC/HTTP method [2]. By providing a crafted absolute or protocol-relative URL as the assetPath argument, an attacker can force the server to perform requests to arbitrary external or internal hosts instead of the intended AEM instance [2].

Impact

Successful exploitation allows an attacker to perform unauthorized outbound requests from the server's network position [2]. This can lead to the exposure of internal services, sensitive metadata, or the potential for further exploitation of internal network resources, depending on the server's egress capabilities [2].

Mitigation

There is no fixed version available at this time, and the project maintainers have not yet responded to the vulnerability report [2]. Users are advised to monitor the repository for updates or implement strict input validation on the assetPath parameter before it reaches the getAssetMetadata handler.

AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches (0)

No patches discovered yet.

Vulnerability mechanics

Root cause

"The application fails to validate the assetPath argument, allowing for server-side request forgery."

Attack vector

An attacker can trigger this vulnerability remotely by supplying a malicious assetPath argument to the getAssetMetadata function, causing the server to perform unauthorized requests to internal or external resources. The vulnerable code path runs through the Axios Request Flow component [ref_id=1].

Affected code

The vulnerability is located in the getAssetMetadata function within the src/mcp-server.ts file.

What the fix does

No patch has been published to address this vulnerability. The advisory does not specify a remediation; however, users should implement strict input validation and sanitization for the assetPath parameter to ensure it conforms to expected paths within the AEM environment. Restricting the server's ability to make arbitrary outbound requests is also recommended.
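As an added example (not code from the aem-mcp-server project), the following TypeScript shows one way to apply the input validation recommended in the Mitigation and "What the fix does" sections: assetPath is checked against fixed AEM content roots, URL-like input is rejected, and the request URL is built from a fixed origin before anything reaches Axios. The base URL, the allowed roots and all function names are assumptions.

```typescript
// Added example (not the aem-mcp-server project's code): validate an AEM asset
// path before it is used to build the outbound request URL for getAssetMetadata.
// AEM_BASE_URL, ALLOWED_ROOTS and the function names below are assumptions.

const AEM_BASE_URL = "https://aem.example.internal"; // constructed placeholder host
const ALLOWED_ROOTS = ["/content/dam/"];             // assumed permitted content roots

export class InvalidAssetPathError extends Error {
  constructor(message: string) {
    super(message);
    this.name = "InvalidAssetPathError";
  }
}

// Returns the validated repository path or throws. The checks are ordered so
// that URL-like input is rejected before any path interpretation happens.
export function validateAssetPath(assetPath: string): string {
  if (typeof assetPath !== "string" || assetPath.length === 0 || assetPath.length > 2048) {
    throw new InvalidAssetPathError("assetPath must be a non-empty string");
  }
  // Absolute URLs ("http://host/...", "file:...") and protocol-relative URLs
  // ("//host/...") would redirect the Axios request to a different origin.
  if (/^[A-Za-z][A-Za-z0-9+.-]*:/.test(assetPath) || assetPath.startsWith("//")) {
    throw new InvalidAssetPathError("assetPath must be a repository path, not a URL");
  }
  // Decode once so "%2e%2e" cannot hide a dot segment; reject undecodable input.
  let decoded: string;
  try {
    decoded = decodeURIComponent(assetPath);
  } catch {
    throw new InvalidAssetPathError("assetPath is not valid percent-encoding");
  }
  // No backslashes, control characters, query strings or fragments in a path.
  if (/[\\\u0000-\u001f?#]/.test(decoded)) {
    throw new InvalidAssetPathError("assetPath contains forbidden characters");
  }
  if (!decoded.startsWith("/")) {
    throw new InvalidAssetPathError("assetPath must be absolute within the repository");
  }
  // Reject dot segments and empty segments outright instead of resolving them.
  const segments = decoded.split("/").slice(1);
  if (segments.some((s) => s === "" || s === "." || s === "..")) {
    throw new InvalidAssetPathError("assetPath contains dot or empty segments");
  }
  if (!ALLOWED_ROOTS.some((root) => decoded.startsWith(root))) {
    throw new InvalidAssetPathError("assetPath is outside the allowed content roots");
  }
  return decoded;
}

// Builds the request URL from the fixed AEM origin plus the validated path and
// re-checks the origin as a final guard before the URL is handed to axios.get().
export function buildAssetMetadataUrl(assetPath: string): string {
  const safePath = validateAssetPath(assetPath);
  const base = new URL(AEM_BASE_URL);
  const url = new URL(AEM_BASE_URL);
  url.pathname = safePath + ".json"; // hypothetical metadata endpoint form
  if (url.origin !== base.origin) {
    throw new InvalidAssetPathError("request would leave the AEM origin");
  }
  return url.toString();
}

// Convenience predicate for callers that only need a yes/no answer.
export function isSafeAssetPath(assetPath: string): boolean {
  try {
    validateAssetPath(assetPath);
    return true;
  } catch {
    return false;
  }
}
```

The point of the design is that the caller never supplies an origin: the path is validated as a path, then concatenated onto a constant base URL, and the origin is compared once more after construction. Egress restriction at the network layer, as the section above recommends, remains a separate control and is not replaced by this check.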

Preconditions

  • Network: The attacker must have network access to the AEM MCP server instance.
  • Auth: The attacker must possess valid credentials for the MCP server, as authentication is required for all operations.

Reproduction

The vulnerability is documented in the project's issue tracker at https://github.com/indrasishbanerjee/aem-mcp-server/issues/3 [ref_id=1].

Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (5)

News mentions (0)

No linked articles in our index yet.