rmcp is vulnerable to Server-Side Request Forgery (SSRF)
74
High Risk
The rmcp OAuth client in crates/rmcp/src/transport/auth.rs accepts a server-controlled resource_metadata URL from the WWW-Authenticate header and fetches it without same-origin or private-network validation. An attacker-controlled or compromised MCP server can return a 401 response pointing the client at loopback, RFC 1918, link-local, or cloud metadata endpoints, causing an outbound request from the victim application's network context. This allows server-side request forgery against internal services and cloud metadata endpoints. The fix enforces same-origin resource metadata URLs and blocks loopback, private, link-local, and known cloud metadata hosts.
You are affected if you are using a version that falls within the vulnerable range and your application uses the rmcp OAuth client to connect to MCP servers.
rmcp is vulnerable to Server-Side Request Forgery (SSRF) in versions 0.8.2 - 1.8.0.
Upgrade the rmcp library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant