Technical description
Improper handling of JSON schema references in the mcp-from-openapi library enables Server-Side Request Forgery (SSRF) and local file read. CVSS 7.5. Through crafted schema references, attackers can access internal services and read local files.
Attack vector
Crafted JSON schema references exploit insufficient validation in the MCP-to-OpenAPI translation layer, enabling SSRF to internal services and local file read.
Affected systems
Applications that use the mcp-from-openapi library to bridge OpenAPI specifications with MCP protocol endpoints.
Mitigation
Update the mcp-from-openapi library. Implement strict JSON schema reference validation and restrict outbound network access from MCP server processes.
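One way to implement the strict reference validation the mitigation calls for, as an added example that is not the mcp-from-openapi library's own code. The allow-list (only $ref values that are resolvable fragments of the same document; anything with a scheme, host, path or query is rejected before any resolver runs) is an assumed policy, and SAMPLE_SPEC is a constructed input.

```python
# Added example (not mcp-from-openapi's own code): reject every $ref that is not a
# resolvable same-document "#/..." fragment. That allow-list policy is an assumption.
from urllib.parse import urlsplit

SAMPLE_SPEC = {  # constructed: one safe ref plus the unsafe shapes the advisory names
    "components": {"schemas": {"Pet": {"$ref": "#/components/schemas/Base"},
                               "Base": {"type": "object"}}},
    "x-bad": [{"$ref": "http://internal.example/admin"},  # SSRF to internal host
              {"$ref": "file:///etc/passwd"},             # local file read
              {"$ref": "../../etc/passwd#/x"},            # relative path read
              {"$ref": "#/components/schemas/Missing"}],  # dangling local ref
}

def _pointer_exists(doc, pointer):
    """True if the RFC 6901 JSON pointer (fragment without '#') resolves in doc."""
    if pointer and not pointer.startswith("/"):
        return False
    node = doc
    for raw in pointer.split("/")[1:]:
        token = raw.replace("~1", "/").replace("~0", "~")  # RFC 6901 unescape
        try:
            node = node[int(token) if isinstance(node, list) and token.isdigit() else token]
        except (KeyError, IndexError, TypeError):
            return False
    return True

def classify_ref(doc, ref):
    """Reason a $ref is rejected, or None when it is a resolvable local fragment."""
    parts = urlsplit(ref)
    if parts.scheme or parts.netloc:  # http(s)://, file://, //host: never fetched
        return "scheme or host in ref"
    if parts.path or parts.query:  # other.yaml#/x, ../../etc/passwd: never opened
        return "external document ref"
    if not _pointer_exists(doc, parts.fragment):
        return "dangling local ref"
    return None

def find_unsafe_refs(doc):
    """Return (json_path, 'reason: ref') for every $ref in doc that must be rejected."""
    out, stack = [], [("", doc)]
    while stack:
        path, node = stack.pop()
        if isinstance(node, dict) and isinstance(node.get("$ref"), str):
            reason = classify_ref(doc, node["$ref"])
            if reason:
                out.append((path, f"{reason}: {node['$ref']}"))
        kids = node.items() if isinstance(node, dict) else (
            enumerate(node) if isinstance(node, list) else ())
        stack.extend((f"{path}/{k}", v) for k, v in kids)
    return out
```

Run the check on the parsed OpenAPI document before it is handed to the translation layer and refuse to build tools from any document with a non-empty result.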