Intel

AIKIDO-2026-461209

@strapi/content-manager is vulnerable to Information Disclosure

Information Disclosure Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Jun 25, 2026

31

Low Risk

This Affects:

JS@strapi/content-manager
5.47.0 - 5.48.1
Fixed in 5.49.0
Are you affected? Scan for Free

TL;DR

Strapi exposes Model Context Protocol (MCP) tools through @strapi/content-manager that return content entries with their relation fields fully populated. The output sanitizer applies only the permission rules of the caller's own content type, so scalar fields belonging to related documents are never checked against any permission scope. Private or otherwise restricted fields of related content types are returned in MCP responses such as the get_ and list_ tools. The fix reduces relations in MCP output to an identity-only shape that keeps only documentId plus locale or __type when relevant.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and you have the beta MCP server enabled.

Background info

@strapi/content-manager is vulnerable to Information Disclosure in versions 5.47.0 - 5.48.1.

How to fix this

Upgrade the @strapi/content-manager library to the patch version.