[CYBERDIGEST]
⊞ Dashboard ⚡ Intelligence 📝 Reports 📚 Global Threats 💻 Hack Lab 🗄️ Resources ⌬ 0xJerry's Lab
📡 RSS Feed
System Online

Tag

#MCP Server

articleHIGH 8.1

Apify Model Context Protocol (MCP) Server: Actor MCP Path Authority Injection Leaks Apify Token

A vulnerability in `@apify/actors-mcp-server` version `0.10.7` allows an attacker to inject a malicious `webServerMcpPath` value, causing the MCP client to exfiltrate the victim's Apify API token to the attacker's server. This is a Server-Side Request Forgery (SSRF) / URL authority injection vulnerability with a CVSS Base Score of 8.1 (High).

Jul 2, 20261 source