Posted by outreach on May 25
—–BEGIN SECURITY ADVISORY—–
Title: Server-Side Request Forgery (SSRF) in Anthropic mcp-server-fetch and Microsoft playwright-mcp
Author: Syed Anas Mohiuddin <anasmohiuddinsyed () gmail com>
Date: May 25, 2026
CVSS: 7.5 (HIGH) — AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References: Already public via GitHub issues (see below)
== AFFECTED PRODUCTS ==
1. Anthropic mcp-server-fetch (modelcontextprotocol/servers)
All versions as of May…
– Read More – Full Disclosure
