AhujaSid Blender-MCP Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability exists in the AhujaSid Blender-MCP integration, specifically within the MCP server component. The issue arises because the 'zip_file_url' parameter in the 'import_generated_asset_hunyuan' tool is passed to the 'requests.get()' function without proper validation, allowing the Blender process to make HTTP GET requests to arbitrary destinations. This vulnerability can be exploited remotely, potentially leading to unauthorized access to internal services or metadata endpoints. The flaw has been publicly disclosed and could be actively exploited.

Impact

Exploitation of this vulnerability allows for server-side request forgery, where the application is tricked into making HTTP requests on behalf of the attacker. This could be used to access internal services, cloud metadata, or external servers controlled by the attacker.

Reproduction

To reproduce this vulnerability, first ensure that the AhujaSid Blender-MCP addon is installed and enabled in Blender. Then, start the MCP server and enable the Hunyuan3D integration. Once the server is running, use the 'import_generated_asset_hunyuan' tool through the MCP Inspector, providing a crafted 'zip_file_url' that points to a webhook or another URL where the request can be observed. After executing the tool, the SSRF request will be made from the Blender process, demonstrating the vulnerability.

Remediation

Users are advised to update to the patched version of the AhujaSid Blender-MCP integration, which includes validation improvements to prevent SSRF and arbitrary file read vulnerabilities.
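One shape such validation can take, applied to 'zip_file_url' before it reaches 'requests.get()', as an added example that is not the project's own patch. The allowlisted host, the sample URLs and the injectable resolver are assumptions made for this illustration; a real deployment substitutes the host(s) its Hunyuan3D assets are actually served from.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Assumed allowlist for this example; not taken from the advisory.
ALLOWED_HOSTS = {"assets.example.test"}
ALLOWED_SCHEMES = {"https"}


class UnsafeZipUrl(ValueError):
    """Raised when a zip_file_url must not be fetched."""


def _is_public(addr):
    # Judge IPv4-mapped IPv6 (::ffff:127.0.0.1) as the IPv4 it wraps.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    # is_global excludes loopback, RFC1918, 169.254.0.0/16 (cloud metadata),
    # documentation ranges and similar; multicast/reserved are rejected too.
    return addr.is_global and not (addr.is_multicast or addr.is_reserved)


def validate_zip_file_url(url, resolver=socket.gethostbyname):
    """Return url if it is safe to pass to requests.get(); raise otherwise.

    resolver is injectable so the check can run offline; production code
    keeps the socket.gethostbyname default.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise UnsafeZipUrl(f"scheme not allowed: {parsed.scheme!r}")
    if parsed.username or parsed.password:
        raise UnsafeZipUrl("credentials in URL are not allowed")
    host = parsed.hostname
    if not host or host not in ALLOWED_HOSTS:
        raise UnsafeZipUrl(f"host not in allowlist: {host!r}")
    try:
        port = parsed.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise UnsafeZipUrl("malformed port") from exc
    if port not in (None, 443):
        raise UnsafeZipUrl(f"port not allowed: {port}")
    # Even an allowlisted name can be pointed at an internal address
    # (DNS rebinding), so resolve it and check where it lands.
    addr = ipaddress.ip_address(resolver(host))
    if not _is_public(addr):
        raise UnsafeZipUrl(f"{host} resolves to non-public address {addr}")
    # Caller should then fetch with allow_redirects=False and a timeout,
    # re-running this check on every Location header it chooses to follow.
    return url


def is_safe_zip_file_url(url, resolver=socket.gethostbyname):
    """Boolean form of validate_zip_file_url for callers that log and skip."""
    try:
        validate_zip_file_url(url, resolver)
        return True
    except UnsafeZipUrl:
        return False
```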

Added: Jun 2, 2026, 11:27 PM
Updated: Jun 2, 2026, 11:27 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  8.2
remediation     0.0
relevance       9.8
threat          6.4
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.