Algovate xhs-mcp Server-Side Request Forgery and Path Traversal Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability and a path traversal vulnerability have been identified in Algovate xhs-mcp version 0.8.11. The SSRF vulnerability arises in the xhs_publish_content function of the MCP Interface, where user-supplied media_paths values beginning with 'http://' or 'https://' are fetched via an unvalidated outbound request. This could allow access to internal or loopback services. The path traversal vulnerability allows attackers to supply local video paths that escape the project directory, leading to unauthorized filesystem access. Both vulnerabilities can be exploited by an attacker with access to the MCP interface, potentially allowing interaction with internal network endpoints and access to local files outside the intended workspace.

Impact

Exploitation of the SSRF vulnerability could allow interaction with internal or loopback HTTP services reachable from the server, while the path traversal vulnerability could expose filesystem metadata and unintentionally introduce local media files into the upload workflow.

Reproduction

To reproduce the SSRF vulnerability, upload a valid PNG image to a local HTTP server and then call the 'xhs_publish_content' tool in MCP Inspector with the image URL as a media path. The server will fetch the image, demonstrating the SSRF exploit. For the path traversal vulnerability, create a large video file outside the project directory, then call 'xhs_publish_content' with a media path that includes '../' sequences to access the file. The server's response will confirm the file was accessed, indicating successful exploitation.

Remediation

No fixed version is available at the time of reporting. However, it is recommended to disable URL-based media downloads and local media path support when the MCP server is accessible by untrusted callers. Enforcing strict URL allowlists for image hosts and blocking internal, link-local, and cloud metadata destinations after DNS resolution could also mitigate the risks.
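As an added example that is not xhs-mcp project code, the following hypothetical Python validator applies those mitigations to a media_paths value before the tool touches it: an image-host allowlist, a post-resolution check that rejects loopback, private, link-local (including cloud metadata) and other non-global addresses, and a containment check that keeps local paths inside the project directory. The ALLOWED_IMAGE_HOSTS set, the check_media_path helper and the /tmp/xhs_project directory are assumptions.

```python
import ipaddress
import socket
from pathlib import Path
from urllib.parse import urlparse

# Assumed allowlist of image hosts (constructed; the project defines none).
ALLOWED_IMAGE_HOSTS = {"cdn.example.com"}


def is_blocked_ip(ip):
    """Loopback, RFC1918, link-local (incl. 169.254.169.254 metadata),
    reserved and multicast ranges are all non-global: reject them."""
    return (not ip.is_global) or ip.is_multicast


def validate_url(url, resolver=socket.getaddrinfo):
    """Return one safe, pinned IP for the URL host or raise ValueError.
    Connect to this IP (keeping the Host header / SNI) so a second lookup
    by the HTTP client cannot rebind the name to an internal address."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("only http(s) URLs with a host are accepted")
    if parts.hostname not in ALLOWED_IMAGE_HOSTS:
        raise ValueError("host not on the image allowlist")
    # Check every resolved address, not just the first one returned.
    addrs = {ipaddress.ip_address(r[4][0]) for r in resolver(parts.hostname, None)}
    if not addrs or any(is_blocked_ip(a) for a in addrs):
        raise ValueError("host resolves to an internal or non-global address")
    return str(min(addrs, key=str))


def validate_local_path(media_path, project_dir):
    """Return the resolved path if it stays inside project_dir, else raise."""
    root = Path(project_dir).resolve()
    # resolve() collapses '..' and follows symlinks; joining an absolute
    # media_path discards root, so absolute escapes fail the check too.
    candidate = (root / media_path).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError("media path escapes the project directory")
    return str(candidate)


def check_media_path(media_path, project_dir, resolver=socket.getaddrinfo):
    """Dispatch on the same http(s) prefix the tool uses; never raises."""
    try:
        if media_path.startswith(("http://", "https://")):
            return ("url", validate_url(media_path, resolver))
        return ("file", validate_local_path(media_path, project_dir))
    except ValueError as exc:
        return ("rejected", str(exc))
```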

Added: Apr 29, 2026, 10:19 PM
Updated: Apr 29, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 7.0
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.