A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of the argument baseUrl causes server-side request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-11286
🟡 Medium
CVE-2025-11286: Vulnerability in samanhappy MCPHub
A vulnerability in samanhappy MCPHub up to version 0.9.10 allows server-side request forgery due to manipulation of the argument baseUrl. The attack can be initiated remotely.
CVE ID
CVE-2025-11286
CVSS Score
4.7
Vendor
unknown
Published
Oct 05
Vulnerability Details
- CVE ID
- CVE-2025-11286
- Severity
- Medium
- CVSS v3 Score
- 4.7 / 10.0
- Affected Vendor
- unknown
- Publication Date
- October 05, 2025
External Resources
Need Help?
Protect your infrastructure with our comprehensive security scanning tools.
Explore Security Scanners