CVE-2026-7417 | Algovate xhs-mcp 0.8.11 MCP Interface src/server/mcp.server.ts xhs_publish_content media_paths server-side request forgery

A vulnerability has been found in Algovate xhs-mcp 0.8.11 and classified as critical. This affects the function xhs_publish_content of the file src/server/mcp.server.ts of the component MCP Interface. Performing a manipulation of the argument media_paths results in server-side request forgery.

This vulnerability was named CVE-2026-7417. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More