VYPR
High severity7.5NVD Advisory· Published Apr 8, 2026· Updated Apr 15, 2026

CVE-2026-39885

CVE-2026-39885

Description

FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in OpenAPI specifications without configuring any URL restrictions or custom resolvers. A malicious OpenAPI specification containing $ref values pointing to internal network addresses, cloud metadata endpoints, or local files will cause the library to fetch those resources during the initialize() call. This enables Server-Side Request Forgery (SSRF) and local file read attacks when processing untrusted OpenAPI specifications. This vulnerability is fixed in 2.3.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mcp-from-openapinpm
< 2.3.02.3.0
@frontmcp/sdknpm
< 1.0.41.0.4
@frontmcp/adaptersnpm
< 1.0.41.0.4

Affected products

7

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.