Vulnerability  ·  2026-07-11

aerostack-mcp (mcp-whatsapp) — SSRF via upload_media media_url Argument (CVSS 6.3)

VulnerabilityMedium impactGlobalCVE-2026-15189
The upload_media function of the mcp-whatsapp component in aerostackdev/aerostack-mcp is vulnerable to SSRF via the media_url argument, allowing an attacker to cause the server to make requests to attacker-chosen internal or external destinations.
This is an SSRF in an MCP server component that bridges LLM agents to WhatsApp media handling; while niche in deployment, SSRF in MCP tool servers is a recurring class that can be used for internal network reconnaissance or cloud metadata credential theft from agent infrastructure.
Attacker-supplied media_url in upload_media MCP tool call triggers server-side request to arbitrary destination
aerostackdev aerostack-mcp (mcp-whatsapp component)
Restrict outbound network access from the MCP server; validate media_url against an allowlist
GitHub repository
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →