{
  "claim": {
    "argus_claim_ref": null,
    "attacker_control": null,
    "claimed_surface": "api_remote",
    "expected_impact": "assertion_abort",
    "finding_id": null,
    "id": null,
    "required_entrypoint_detail": "/auth",
    "required_entrypoint_kind": "endpoint",
    "submission_reason": "ticket_derived",
    "trigger_class": "service_api",
    "upstream_verdicts": null
  },
  "latest_description": "Target repo: https://github.com/ymw0407/auth-fetch-mcp. Vulnerable package: auth-fetch-mcp (npm). Affected versions: <=3.0.1; fixed in 3.0.2. assertSafeUrl() in src/security.ts calls isPrivateV6(), which checks for a ::ffff: prefix and then runs net.isIPv4() on the remaining suffix. The Node.js WHATWG URL parser hex-normalizes ::ffff:127.0.0.1 to ::ffff:7f00:1, so net.isIPv4('7f00:1') returns false and the loopback address bypasses the private-IP guard. Reproduction: install auth-fetch-mcp@3.0.1, run the MCP server with default settings, and invoke the auth_fetch or download_media tool with URL http://[::ffff:127.0.0.1]:<PORT>/. The server will fetch the loopback URL and return the response, confirming SSRF. The advisory provides a detailed trace through src/tools.ts, src/browser.ts, and src/extractor.ts.",
  "product": "auth-fetch-mcp",
  "severity": "high",
  "status": "open",
  "summary": "auth-fetch-mcp SSRF via IPv4-mapped IPv6 loopback bypass",
  "ticket_id": "CVE-2026-49857"
}