What happened
A server-side request forgery flaw in the mcp-wiki component of this MCP server collection lets an attacker manipulate the url parameter to make the server issue requests to arbitrary destinations, including internal network resources.
Why it matters
SSRF in any MCP tool server can be used to probe internal networks or reach cloud metadata endpoints when the MCP server runs in a cloud environment adjacent to other AI infrastructure, though this specific project has a narrow deployment footprint.
Attack vector
The mcp-wiki/wiki-summary component's server.py handles the url argument without validating the destination, allowing an attacker to trigger server-side requests against internal or restricted network destinations.
Affected systems
AIAnytime Awesome-MCP-Server up to commit a884bb51bcd99e08e14fd712c749d55d9d9a13ab
Mitigation
Apply an allowlist for the url argument or validate destinations against a denylist of internal address ranges; check upstream repository for a fix.