This vulnerability is trending on Twitter; this may indicate a growing threat.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Server-side Request Forgery (SSRF) vulnerabilities in an interactive lesson.
Start learningUpgrade auth-fetch-mcp to version 3.0.2 or higher.
auth-fetch-mcp is a MCP server that lets AI read Notion, Google Docs, Jira & any login-protected page via a real browser
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the isPrivateV6 function, which fails to properly detect IPv4-mapped IPv6 loopback addresses in their hex-normalized form. An attacker can access internal network services and retrieve sensitive information by supplying specially crafted URLs that bypass address validation.