SSRF in Mixelpixx Google-research-mcp
CVE-2026-5470
A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-…
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.000 (13.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Mixelpixx Google-research-mcp — versions 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2, ca613b736ab787bc926932f59cddc69457185a83
Weakness classification (CWE)
References
- VDB-355074 | mixelpixx Google-Research-MCP Model Context Protocol content-extractor.service.ts extractContent server-side request forgery (technical-description, vdb-entry)
- VDB-355074 | CTI Indicators (IOB, IOC, IOA) (signature, permissions-required)
- Submit #781778 | mixelpixx google-search-mcp 0.1.0 Server-Side Request Forgery (third-party-advisory)
- cna@vuldb.com (issue-tracking, exploit)
Frequently asked questions
- What is CVE-2026-5470?
- CVE-2026-5470 is a medium-severity vulnerability in Mixelpixx Google-research-mcp, classified under Server-Side Request Forgery (SSRF). CVSS score: 6.3/10. Published 2026-04-03.
- How severe is CVE-2026-5470?
- Medium severity. CVSS v3 base score is 6.3 out of 10.