CVE-2026-7094

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteer_navigate. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

CVSS v3 7.3 HIGH
CVSS v2.0 7.5 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/BruceJqs/public_exp/issues/7	Exploit Third Party Advisory Issue Tracking
https://github.com/ShadowCloneLabs/GlutamateMCPServers/	Product
https://github.com/ShadowCloneLabs/GlutamateMCPServers/issues/8	Issue Tracking
https://vuldb.com/submit/800725	Third Party Advisory
https://vuldb.com/vuln/359669	Third Party Advisory
https://vuldb.com/vuln/359669/cti	Permissions Required

Configurations

Configuration 1 (hide)

cpe:2.3:a:shadowclonelabs:glutamate_mcp_servers:*:*:*:*:*:*:*:*

History

01 May 2026, 20:30

Type	Values Removed	Values Added
First Time		Shadowclonelabs glutamate Mcp Servers Shadowclonelabs
CPE		cpe:2.3:a:shadowclonelabs:glutamate_mcp_servers::::::::
References	~~() https://github.com/BruceJqs/public_exp/issues/7 -~~	() https://github.com/BruceJqs/public_exp/issues/7 - Exploit, Third Party Advisory, Issue Tracking
References	~~() https://github.com/ShadowCloneLabs/GlutamateMCPServers/ -~~	() https://github.com/ShadowCloneLabs/GlutamateMCPServers/ - Product
References	~~() https://github.com/ShadowCloneLabs/GlutamateMCPServers/issues/8 -~~	() https://github.com/ShadowCloneLabs/GlutamateMCPServers/issues/8 - Issue Tracking
References	~~() https://vuldb.com/submit/800725 -~~	() https://vuldb.com/submit/800725 - Third Party Advisory
References	~~() https://vuldb.com/vuln/359669 -~~	() https://vuldb.com/vuln/359669 - Third Party Advisory
References	~~() https://vuldb.com/vuln/359669/cti -~~	() https://vuldb.com/vuln/359669/cti - Permissions Required

27 Apr 2026, 07:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-27 07:16

Updated : 2026-05-01 20:30

NVD link : CVE-2026-7094

Mitre link : CVE-2026-7094

CVE.ORG link : CVE-2026-7094

JSON object : View

Products Affected

shadowclonelabs

glutamate_mcp_servers

CWE

CWE-918

Server-Side Request Forgery (SSRF)

7.3 /10