Server-side Request Forgery (SSRF) Affecting @aborruso/ckan-mcp-server package, versions <0.4.106


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Server-side Request Forgery (SSRF) vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-JS-ABORRUSOCKANMCPSERVER-17893446
  • published8 Jul 2026
  • disclosed7 Jul 2026
  • credithibrian827

Introduced: 7 Jul 2026

NewCVE-2026-53509  (opens in a new tab)
CWE-918  (opens in a new tab)

How to fix?

Upgrade @aborruso/ckan-mcp-server to version 0.4.106 or higher.

Overview

@aborruso/ckan-mcp-server is a MCP server for interacting with CKAN open data portals

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the validateServerUrl hostname check in src/utils/http.ts. An attacker can make the server send outbound requests to loopback or private services by supplying a server_url that resolves to ::1, such as ip6-localhost or ip6-loopback, while still passing the hostname filter. This lets a remote MCP caller reach internal endpoints that were meant to be blocked and receive response-derived data from CKAN-shaped requests, exposing local or private resources to the caller.

Notes

  • On Linux, hostname aliases from /etc/hosts such as ip6-localhost and ip6-loopback can resolve to ::1 even though they are not literal loopback addresses, so deployments that rely on name-based blocking were still exposed.
  • The bypass is relevant anywhere the shared server_url/base_url validation is used by tools that make outbound HTTP requests, not just the single call site named in the draft.

Workarounds

  • Do not allow untrusted callers to supply server_url/base_url values to CKAN tools such as ckan_package_search and sparql_query; restrict those parameters to trusted users or remove access to the tools entirely, which prevents the SSRF path from being used to reach loopback or private services.

CVSS Base Scores

version 4.0
version 3.1