CVE-2026-7147 | JoeCastrom mcp-chat-studio up to 1.5.0 LLM Models API server/routes/llm.js req.query.base_url server-side request forgery
A vulnerability classified as critical has been found in JoeCastrom mcp-chat-studio up to 1.5.0. It affects unknown functionality in the file server/routes/llm.js of the LLM Models API component. Manipulating the argument req.query.base_url results in server-side request forgery.
This vulnerability is known as CVE-2026-7147. The attack can be carried out remotely. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
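One common way to constrain a caller-supplied `base_url` before the server issues a request is an exact-origin allowlist combined with refused redirects. The following is an added example, not code from mcp-chat-studio or a fix published by the project; the function names, the `ALLOWED_ORIGINS` values and the `/v1/models` path are assumptions made for illustration.

```javascript
// Added example, not mcp-chat-studio code. Function names, ALLOWED_ORIGINS
// and the /v1/models path are assumptions; the origins are constructed samples.
const ALLOWED_ORIGINS = new Set([
  'https://llm.example.com',
  'https://models.example.net:8443',
]);

// Returns { ok: true, url } for an allowlisted base_url, else { ok: false, reason }.
function checkBaseUrl(raw) {
  // Express parses repeated or bracketed query keys into arrays/objects; accept strings only.
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 2048) {
    return { ok: false, reason: 'not-a-string' };
  }
  let url;
  try {
    url = new URL(raw); // WHATWG parser, the same one fetch() applies
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    return { ok: false, reason: 'scheme' };
  }
  if (url.username !== '' || url.password !== '') {
    return { ok: false, reason: 'userinfo' }; // host must not hide behind "user@"
  }
  // url.origin is scheme + normalized host + port, so the comparison is made on
  // the value the HTTP client will really connect to, not on the raw string.
  if (!ALLOWED_ORIGINS.has(url.origin)) {
    return { ok: false, reason: 'origin-not-allowed' };
  }
  return { ok: true, url };
}

// Requests the model list only from an allowlisted origin and refuses redirects,
// so an allowed host cannot forward the request to another address.
async function listModels(rawBaseUrl, fetchImpl = fetch) {
  const check = checkBaseUrl(rawBaseUrl);
  if (!check.ok) throw new Error(`base_url rejected: ${check.reason}`);
  const target = new URL('/v1/models', check.url.origin);
  const res = await fetchImpl(target, {
    redirect: 'error',
    signal: AbortSignal.timeout(5000),
  });
  return res.json();
}
```

In a route handler, `checkBaseUrl(req.query.base_url)` would run before any outbound request, with a 400 response returned when `ok` is false.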