In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Server-side Request Forgery (SSRF) vulnerabilities in an interactive lesson.
Start learningUpgrade mcp-searxng to version 1.7.1 or higher.
mcp-searxng is a MCP server for SearXNG integration
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the web_url_read process due to insufficient validation in the assertUrlAllowed function. An attacker can access internal network resources and exfiltrate sensitive data by supplying a crafted URL that resolves to a private or loopback IP address via DNS, bypassing hostname string checks. This is only exploitable if the server is running in default HTTP mode with authentication disabled or if an AI agent connected to the server can be influenced to call web_url_read with attacker-controlled input.