{
  "verdict": "confirmed_distinct_bypass",
  "confirmed": true,
  "is_bypass": true,
  "is_distinct_variant": true,
  "variant_id": "CVE-2026-58196-dcr-metadata-redirect-bypass",
  "tested_versions": [
    {
      "role": "vulnerable_baseline",
      "version": "0.30.0",
      "commit_sha": "bc4beddb921523d1f314b82b5b9d4249ee0a605b",
      "canary_hit": true
    },
    {
      "role": "fixed_target",
      "version": "0.31.0",
      "commit_sha": "493d030ed24b8c012db4c5717475a2386f5b72ce",
      "canary_hit": true
    },
    {
      "role": "latest_release",
      "version": "0.38.0",
      "commit_sha": "116421213382e82016067d32581b61f4fe1ab807",
      "canary_hit": true
    }
  ],
  "validated_surface": "api_remote",
  "evidence_scope": "production_path",
  "observed_impact_class": "ssrf",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "Remote MCP auth challenge metadata URL and authorization-server metadata redirect during Dynamic Client Registration discovery.",
  "trigger_path": "thv run <remote-url> --remote-auth -> resource_metadata direct JSON -> authorization_servers -> DCR resolver re-fetch -> unguarded oauthproto metadata redirect to loopback canary",
  "end_to_end_target_reached": true,
  "runtime_backed": true,
  "sanitizer_used": false,
  "blocking_mitigation": null,
  "claim_block_reason": null,
  "why_distinct": "The parent proof exercises a 302 while fetching RFC 9728 protected-resource metadata. This variant avoids that fixed path by returning direct RFC 9728 JSON, then triggers SSRF later when DCR re-fetches RFC 8414 authorization-server metadata through oauthproto.FetchAuthorizationServerMetadata with an unguarded nil-client default.",
  "fixed_version_result": "ToolHive v0.31.0 followed the DCR metadata redirect to the loopback canary; fixed_auth.log records dcr_metadata_redirect and fixed_canary.log records the host-side GET.",
  "latest_version_result": "ToolHive v0.38.0 also followed the DCR metadata redirect to the loopback canary.",
  "proof_artifacts": [
    "bundle/logs/vuln_variant/reproduction_steps.log",
    "bundle/logs/vuln_variant/variant_attempts.jsonl",
    "bundle/logs/vuln_variant/fixed_auth.log",
    "bundle/logs/vuln_variant/fixed_canary.log",
    "bundle/logs/vuln_variant/latest_canary.log",
    "bundle/vuln_variant/runtime_manifest.json"
  ],
  "script_exit_code_semantics": {
    "exit_0": "variant reproduced on fixed v0.31.0",
    "exit_1": "variant did not reproduce on fixed v0.31.0 or setup failed before confirmation"
  },
  "idempotency": {
    "ran_twice": true,
    "first_run_exit_code": 0,
    "second_run_exit_code": 0
  },
  "inferred": false
}
