CVE-2025-11286 | samanhappy MCPHub up to 0.9.10 MCPRouter Service serverController.ts baseUrl server-side request forgery

A vulnerability has been found in samanhappy MCPHub up to 0.9.10 and classified as critical. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of the argument baseUrl causes server-side request forgery.

This vulnerability appears as CVE-2025-11286. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More