# CVE-2026-49857

## Summary

auth-fetch-mcp SSRF via IPv4-mapped IPv6 loopback bypass

## Description

Target repo: https://github.com/ymw0407/auth-fetch-mcp. Vulnerable package: auth-fetch-mcp (npm). Affected versions: <=3.0.1; fixed in 3.0.2.

Root cause: `assertSafeUrl()` in `src/security.ts` calls `isPrivateV6()`, which checks for a literal `::ffff:` prefix and then runs `net.isIPv4()` on the remaining suffix. The Node.js WHATWG URL parser, however, serializes an IPv4-mapped IPv6 host in hexadecimal form, so `::ffff:127.0.0.1` becomes `::ffff:7f00:1` before the guard sees it. `net.isIPv4('7f00:1')` returns false, and the loopback address passes the private-IP guard.

Reproduction: install auth-fetch-mcp@3.0.1, run the MCP server with default settings, and invoke the `auth_fetch` or `download_media` tool with the URL `http://[::ffff:127.0.0.1]:<PORT>/`. The server fetches the loopback URL and returns the response, confirming SSRF. The advisory provides a detailed trace through `src/tools.ts`, `src/browser.ts`, and `src/extractor.ts`.

## Metadata

- Product: auth-fetch-mcp
- Severity: high
- Status: open
