HackMD MCP Server HTTP Mode Server-Side Request Forgery Vulnerability
Vulnerability
A server-side request forgery (SSRF) vulnerability has been identified in HackMD MCP versions from 1.4.0 up to, but not including, 1.5.0. It is reachable only when the server runs in HTTP transport mode: a client can supply an arbitrary hackmdApiUrl value through the Hackmd-Api-Url HTTP header or through a base64-encoded JSON query parameter, and the server uses that value as the base URL for its outbound HackMD API requests without validating it. An attacker can therefore point those requests at internal network services, reaching endpoints that are not exposed externally, performing network reconnaissance, and bypassing network access controls. The stdio transport mode is not affected because it accepts no HTTP headers or query parameters, so there is no per-request input that can override the API URL.
Impact
Exploitation of this vulnerability allows server-side request forgery: an attacker can make the server send its outbound API requests to a destination of the attacker's choosing, including internal services that are not normally exposed, and potentially read sensitive data from them or probe services that are not directly reachable from outside the network.
Remediation
Update to version 1.5.0 or later, which adds a default allowlist for HackMD API URLs. If updating is not immediately possible, run the server in stdio transport mode instead of HTTP mode, or restrict the server's network access with firewall rules (including outbound access to internal ranges) or reverse proxy filtering, for example stripping the Hackmd-Api-Url header before requests reach the server.
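The following is an added example, not code from the HackMD MCP project, written to show both the vulnerable pattern described under Vulnerability and the allowlist remediation described above. It models the two per-request inputs the advisory names (the Hackmd-Api-Url header and a base64-encoded JSON query parameter carrying hackmdApiUrl); the query parameter name "config", the default API URL, the allowlist contents, and the sample request inputs are all assumptions constructed for the example.

```javascript
// Added example, not the HackMD MCP project's code. Assumptions: the query
// parameter is named "config", the default API URL, and the allowlist entries.

const DEFAULT_API_URL = "https://api.hackmd.io/v1"; // assumed default

// Parse the base64-encoded JSON query parameter; returns null on any failure.
function decodeConfigParam(value) {
  if (typeof value !== "string") return null;
  try {
    const parsed = JSON.parse(Buffer.from(value, "base64").toString("utf8"));
    return parsed && typeof parsed === "object" ? parsed : null;
  } catch {
    return null;
  }
}

// Vulnerable pattern: the client-supplied value is used as-is as the base URL
// for the server's outbound HackMD API requests, which is the SSRF.
// `headers` is a Node-style map with lowercased header names.
function resolveApiUrlVulnerable(headers, query) {
  if (typeof headers["hackmd-api-url"] === "string") {
    return headers["hackmd-api-url"];
  }
  const cfg = decodeConfigParam(query.config);
  if (cfg && typeof cfg.hackmdApiUrl === "string") {
    return cfg.hackmdApiUrl;
  }
  return DEFAULT_API_URL;
}

// Hardened pattern: accept a candidate only if it parses as an https URL,
// carries no embedded credentials, and its origin (scheme + host + port) is on
// the allowlist. Comparing origins rather than string prefixes blocks
// look-alike hosts such as https://api.hackmd.io.evil.example/.
const ALLOWED_API_ORIGINS = new Set(["https://api.hackmd.io"]); // assumed allowlist

function isAllowedApiUrl(candidate) {
  if (typeof candidate !== "string") return false;
  let url;
  try {
    url = new URL(candidate);
  } catch {
    return false;
  }
  if (url.protocol !== "https:") return false;
  if (url.username !== "" || url.password !== "") return false;
  return ALLOWED_API_ORIGINS.has(url.origin);
}

function resolveApiUrlSafe(headers, query) {
  const candidates = [];
  if (typeof headers["hackmd-api-url"] === "string") {
    candidates.push(headers["hackmd-api-url"]);
  }
  const cfg = decodeConfigParam(query.config);
  if (cfg && typeof cfg.hackmdApiUrl === "string") {
    candidates.push(cfg.hackmdApiUrl);
  }
  // Fail closed: a candidate that is not on the allowlist is ignored and the
  // default is used. Rejecting the request with HTTP 400 is the other option.
  const allowed = candidates.find(isAllowedApiUrl);
  return allowed !== undefined ? allowed : DEFAULT_API_URL;
}

// Constructed request inputs for demonstration (not from a real capture).
const internalViaHeader = {
  "hackmd-api-url": "http://169.254.169.254/latest/meta-data/",
};
const internalViaQuery = {
  config: Buffer.from(
    JSON.stringify({ hackmdApiUrl: "http://10.0.0.5:8500/v1/kv/" })
  ).toString("base64"),
};

console.log("vulnerable, header:", resolveApiUrlVulnerable(internalViaHeader, {}));
console.log("vulnerable, query: ", resolveApiUrlVulnerable({}, internalViaQuery));
console.log("hardened, header:  ", resolveApiUrlSafe(internalViaHeader, {}));
console.log("hardened, query:   ", resolveApiUrlSafe({}, internalViaQuery));
```

The check compares the parsed origin rather than doing a string prefix match, because a prefix check on "https://api.hackmd.io" would accept "https://api.hackmd.io.evil.example/". An allowlist on the URL alone does not stop DNS-based tricks for hosts that are on the list, so pairing it with egress firewall rules, as the remediation above suggests, is still worthwhile.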
