@strapi/content-manager is vulnerable to Information Disclosure
31
Low Risk
Strapi exposes Model Context Protocol (MCP) tools through @strapi/content-manager that return content entries with their relation fields fully populated. The output sanitizer applies only the permission rules of the caller's own content type, so scalar fields belonging to related documents are never checked against any permission scope. Private or otherwise restricted fields of related content types are returned in MCP responses such as the get_ and list_ tools. The fix reduces relations in MCP output to an identity-only shape that keeps only documentId plus locale or __type when relevant.
You are affected if you are using a version that falls within the vulnerable range and you have the beta MCP server enabled.
@strapi/content-manager is vulnerable to Information Disclosure in versions 5.47.0 - 5.48.1.
Upgrade the @strapi/content-manager library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant