CVE-2026-10274

Severity: Medium (CVSS v3.1 base score 6.3)
Weakness type: CWE-918 (Server-Side Request Forgery)
Published: Jun 1, 2026  ·  Modified: Jun 4, 2026  ·  Source: NVD
📄 Description (NVD)

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.

🤖 AI Executive Summary

A server-side request forgery (SSRF) vulnerability exists in the getAssetMetadata function of aem-mcp-server: the assetPath argument reaches the component's Axios request flow without adequate validation, so a remote caller with low privileges (CVSS PR:L) can make the server issue requests to destinations of the attacker's choosing, including internal services and cloud metadata endpoints. With a CVSS score of 6.3 and exploit details already public, this is a moderate risk to organizations using this component. No patch is available and the project has not responded to the report, so compensating controls and an architectural review are needed now rather than after a fix lands.

🤖 AI Intelligence Analysis (analyzed Jun 1, 2026 20:20)
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily affects Saudi organizations that run aem-mcp-server, directly or inside custom integrations, alongside their Adobe Experience Manager (AEM) deployments. The sectors most exposed are government digital transformation initiatives (NCA, CITC), banking and financial services (SAMA-regulated institutions), healthcare providers using AEM for patient portals, and energy sector (ARAMCO) digital platforms. Because the forged request originates from the server, an attacker who can invoke getAssetMetadata can reach internal resources, bypass network segmentation, or pivot to backend systems that trust the server's network position. Organizations whose aem-mcp-server host has broad network reach into sensitive internal services, or that expose the tool to many low-privileged users, face elevated risk.
🏢 Affected Saudi Sectors
Government (Digital Transformation, NCA); Banking and Financial Services (SAMA-regulated); Healthcare (Patient Portals, Medical Records); Energy (ARAMCO, Utilities); Telecommunications (STC, Mobily); E-commerce and Retail; Media and Publishing
⚖️ Saudi Risk Score (AI): 6.8 / 10.0
🔧 Remediation Steps
IMMEDIATE ACTIONS:
1. Inventory every deployment of aem-mcp-server and identify which MCP clients, and which users behind them, can invoke getAssetMetadata; the CVSS vector (PR:L) means a caller with low privileges is enough to trigger the flaw
2. Implement network-level controls: restrict outbound connections from the host running aem-mcp-server to the AEM instance and any other explicitly required services; egress filtering is the control that still holds when input validation is bypassed
3. Deploy WAF or proxy rules to detect and block assetPath values that carry internal IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8) or cloud metadata endpoints (169.254.169.254). Treat these rules as a detection layer, not as the fix: they are routinely bypassed with alternative IP encodings (decimal, hexadecimal, octal, shortened forms), attacker-controlled hostnames that resolve to internal addresses, DNS rebinding, and open redirects on otherwise allowed hosts

COMPENSATING CONTROLS:
4. Implement strict input validation: accept assetPath only as a relative repository path under an allow-listed prefix; reject absolute URLs of any scheme (http://, https://, file://, gopher:// and others), scheme-relative paths beginning with // or \\, userinfo (@), query and fragment characters, and .. segments; after the request URL is built, verify that its origin is still the configured AEM origin
5. Disable or restrict access to getAssetMetadata if it is not actively used; require authentication and authorization for the MCP clients that can call it
6. Configure host or network firewall rules so the server running aem-mcp-server cannot reach internal services it does not need (databases, admin panels, cloud metadata services)
7. Monitor outbound connections from these hosts for anomalous destinations

DETECTION:
8. Log every getAssetMetadata call with the full assetPath value and the calling identity
9. Alert on assetPath values containing a URL scheme, a scheme-relative prefix, an IP address literal (including decimal, hexadecimal and octal encodings), localhost references, or internal domain names
10. Monitor for HTTP 200 responses with unusual content types or sizes from getAssetMetadata

LONG-TERM:
11. Evaluate alternative components or request a security patch from the indrasishbanerjee project; because the project does not version releases, track the fixing commit hash rather than a version number
12. Commission a code review of aem-mcp-server for additional SSRF vectors, in particular any other function that forwards a caller-controlled path or URL through the same Axios request flow
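As an added illustration of step 4 (example code written for this page, not code from the aem-mcp-server project): a hypothetical getAssetMetadata URL builder in the vulnerable shape the NVD description implies, where assetPath is resolved straight into the request flow, next to a hardened version. The base URL https://aem.internal.example and the /content/dam/ prefix are assumed values; the project's real names and repository layout may differ.

```typescript
// Added example, not code from the aem-mcp-server project: a hypothetical
// getAssetMetadata request builder in its vulnerable and hardened forms.
// Assumptions: the AEM instance is https://aem.internal.example and DAM
// assets live under /content/dam/ (both hypothetical values).

const AEM_BASE_URL = "https://aem.internal.example";
const ALLOWED_PREFIX = "/content/dam/";

// Vulnerable pattern: the raw tool argument is resolved against the base URL.
// WHATWG URL resolution, like axios' baseURL handling, discards the base when
// the input is an absolute or scheme-relative URL, so the request leaves the
// intended host: "http://169.254.169.254/..." or "//evil.example/...".
function resolveAssetUrlVulnerable(assetPath: string): string {
  return new URL(assetPath, AEM_BASE_URL).toString();
}

class AssetPathError extends Error {}

// Hardened pattern: treat assetPath as a repository path, never as a URL.
// Reject anything that could change scheme, host or query, require an
// allow-listed prefix, then verify the origin of the URL actually built.
function resolveAssetUrlHardened(assetPath: string): string {
  if (typeof assetPath !== "string" || assetPath.length === 0 || assetPath.length > 2048) {
    throw new AssetPathError("assetPath must be a non-empty string");
  }
  let decoded: string;
  try {
    decoded = decodeURIComponent(assetPath);
  } catch {
    throw new AssetPathError("malformed percent-encoding");
  }
  // Check the raw and the decoded form so "%2e%2e" or "%40" cannot slip past.
  for (const s of [assetPath, decoded]) {
    if (/^[A-Za-z][A-Za-z0-9+.-]*:/.test(s)) throw new AssetPathError("URL scheme not allowed");
    if (/^[/\\]{2}/.test(s)) throw new AssetPathError("scheme-relative URL not allowed");
    if (/[@?#\s\x00-\x1f\x7f]/.test(s)) throw new AssetPathError("illegal character in path");
    if (s.split(/[\\/]/).includes("..")) throw new AssetPathError("dot segment not allowed");
    if (!s.startsWith(ALLOWED_PREFIX)) throw new AssetPathError("path outside allowed prefix");
  }
  const url = new URL(assetPath, AEM_BASE_URL);
  // Defence in depth: whatever the parser did, the result must stay on the AEM origin.
  if (url.origin !== new URL(AEM_BASE_URL).origin || !url.pathname.startsWith(ALLOWED_PREFIX)) {
    throw new AssetPathError("resolved URL left the allowed origin or prefix");
  }
  return url.toString();
}

// True when the hardened resolver refuses the input (any throw counts as a rejection).
function isRejected(assetPath: string): boolean {
  try {
    resolveAssetUrlHardened(assetPath);
    return false;
  } catch {
    return true;
  }
}

// Demonstration on constructed inputs (attacker-style values, not real traffic).
const PROBES = [
  "/content/dam/site/hero.jpg",
  "http://169.254.169.254/latest/meta-data/",
  "//attacker.example/collect",
  "/content/dam/%2e%2e/%2e%2e/etc/passwd",
];
for (const p of PROBES) {
  const hardened = isRejected(p) ? "REJECTED" : resolveAssetUrlHardened(p);
  console.log(`${p}\n  vulnerable -> ${resolveAssetUrlVulnerable(p)}\n  hardened   -> ${hardened}`);
}
```

The final origin check matters even with the regex filters in place: it turns "I believe the parser agrees with me" into a verified property of the URL the HTTP client will actually be handed, which is the right place to fail closed when a parser quirk is found later.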
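An added example for detection steps 8 to 10 (written for this page, not taken from the project): a pass over constructed JSON request-log lines that applies the alerting rule from step 9 and, because the dotted-quad patterns from step 3 miss them, normalises decimal, hexadecimal, octal and shortened IPv4 spellings back to dotted form before matching ranges. The log field names (tool, args.assetPath) and the .internal/.local suffixes are assumptions to adapt to your own logging and DNS layout.

```typescript
// Added example, not code from the aem-mcp-server project: a detection pass
// over constructed request-log lines that flags suspicious assetPath values
// and normalises the numeric IP encodings a dotted-quad WAF regex would miss.
// The log fields (tool, args.assetPath) and the ".internal"/".local" suffixes
// are assumptions; adapt them to your own logging and DNS layout.

interface LogRecord { ts: string; tool: string; args?: { assetPath?: string } }

// Bit-level IPv4 helpers (prefix length 1..32).
const ip4 = (d: string): number => d.split(".").reduce((a, o) => (a << 8) + Number(o), 0) >>> 0;
const toDotted = (n: number): string => [24, 16, 8, 0].map((s) => (n >>> s) & 255).join(".");
const inCidr = (a: number, net: number, len: number): boolean => ((a ^ net) >>> (32 - len)) === 0;

const INTERNAL_SUFFIXES = [".internal", ".local"]; // assumed internal DNS zones
const METADATA_IP = ip4("169.254.169.254"); // cloud instance-metadata endpoint
// Loopback, RFC 1918, link-local and "this network" as [network, prefixLength].
const PRIVATE_NETS: Array<[number, number]> = [
  [ip4("127.0.0.0"), 8], [ip4("10.0.0.0"), 8], [ip4("172.16.0.0"), 12],
  [ip4("192.168.0.0"), 16], [ip4("169.254.0.0"), 16], [ip4("0.0.0.0"), 8],
];

// Parse the IPv4 spellings URL parsers accept: dotted decimal, a single 32-bit
// number (2130706433), hex (0x7f000001), octal (0177.0.0.1) and short forms
// (127.1). Returns null when the host is not an IPv4 literal.
function parseIpv4Literal(host: string): number | null {
  const parts = host.split(".");
  if (parts.length > 4) return null;
  const nums: number[] = [];
  for (const p of parts) {
    if (/^0x[0-9a-f]+$/i.test(p)) nums.push(parseInt(p.slice(2), 16));
    else if (/^0[0-7]+$/.test(p)) nums.push(parseInt(p, 8));
    else if (/^\d+$/.test(p)) nums.push(parseInt(p, 10));
    else return null;
  }
  const last = nums.pop() as number; // the last part fills the remaining bytes
  if (nums.some((n) => n > 255) || last >= Math.pow(256, 4 - nums.length)) return null;
  return (nums.reduce((acc, n, i) => acc + n * Math.pow(256, 3 - i), 0) + last) >>> 0;
}

// Host of an absolute or scheme-relative URL (userinfo and port stripped); null for plain paths.
function extractHost(s: string): string | null {
  const m = /^(?:[a-z][a-z0-9+.-]*:)?[/\\]{2}([^/\\?#]*)/i.exec(s);
  if (!m) return null;
  let auth = m[1].slice(m[1].lastIndexOf("@") + 1);
  if (auth.startsWith("[")) auth = auth.slice(1, auth.indexOf("]") > 0 ? auth.indexOf("]") : undefined);
  else auth = auth.split(":")[0];
  return auth.toLowerCase() || null;
}

// Reasons an assetPath value should raise an alert; empty for a plain repository path.
function classifyAssetPath(value: string): string[] {
  const reasons: string[] = [];
  let decoded = value;
  try { decoded = decodeURIComponent(value); } catch { reasons.push("malformed-encoding"); }
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(decoded);
  if (scheme) reasons.push(`scheme:${scheme[1].toLowerCase()}`);
  else if (/^[/\\]{2}/.test(decoded)) reasons.push("scheme-relative");
  const host = extractHost(decoded);
  if (host === null) return reasons;
  const ip = parseIpv4Literal(host);
  if (host === "localhost" || host.endsWith(".localhost") || host === "::1") reasons.push("localhost");
  else if (INTERNAL_SUFFIXES.some((suf) => host.endsWith(suf))) reasons.push(`internal-domain:${host}`);
  else if (ip === null) reasons.push(`external-host:${host}`);
  else {
    reasons.push(`ip-literal:${toDotted(ip)}`);
    if (ip === METADATA_IP) reasons.push("cloud-metadata-endpoint");
    else if (PRIVATE_NETS.some(([net, len]) => inCidr(ip, net, len))) reasons.push("private-or-loopback-range");
  }
  return reasons;
}

type Finding = { ts: string; assetPath: string; reasons: string[] };

function analyzeLogs(lines: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const line of lines) {
    let rec: LogRecord | undefined;
    try { rec = JSON.parse(line); } catch { /* skip unparseable lines */ }
    if (!rec || rec.tool !== "getAssetMetadata") continue;
    const assetPath = rec.args?.assetPath;
    if (typeof assetPath !== "string") continue;
    const reasons = classifyAssetPath(assetPath);
    if (reasons.length > 0) findings.push({ ts: rec.ts, assetPath, reasons });
  }
  return findings;
}

// Constructed sample log lines, not real traffic.
const SAMPLE_LOG = [
  '{"ts":"2026-06-02T08:14:07Z","tool":"getAssetMetadata","args":{"assetPath":"/content/dam/site/hero.jpg"}}',
  '{"ts":"2026-06-02T08:14:09Z","tool":"getAssetMetadata","args":{"assetPath":"http://169.254.169.254/latest/meta-data/iam/"}}',
  '{"ts":"2026-06-02T08:14:11Z","tool":"getAssetMetadata","args":{"assetPath":"http://2130706433:8080/admin"}}',
  '{"ts":"2026-06-02T08:14:12Z","tool":"getAssetMetadata","args":{"assetPath":"//attacker.example/collect"}}',
  '{"ts":"2026-06-02T08:14:18Z","tool":"getAssetMetadata","args":{"assetPath":"http://localhost:8080/"}}',
  '{"ts":"2026-06-02T08:14:20Z","tool":"getAssetMetadata","args":{"assetPath":"http://vault.internal/v1/secret"}}',
  '{"ts":"2026-06-02T08:14:22Z","tool":"listPages","args":{}}',
];

const FINDINGS = analyzeLogs(SAMPLE_LOG);
for (const f of FINDINGS) console.log(`${f.ts} ALERT ${JSON.stringify(f.assetPath)} ${f.reasons.join(",")}`);
```

The numeric normalisation covers only literals: a hostname such as attacker.example tells you nothing about where it resolved at request time, so pair this rule with the egress logs from step 7 (proxy or firewall records of the destination IP actually contacted) to catch rebinding and redirect-based bypasses.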
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
Third-Party and Cloud Computing Cybersecurity (risk from supplier and open-source components); Identity and Access Management; Vulnerability Management; Cybersecurity Event Logs and Monitoring Management
🔵 SAMA CSF
Third Party Cybersecurity; Identity and Access Management; Cybersecurity Event Management (detection and monitoring); Vulnerability Management
🟡 ISO 27001:2022
A.5.19 Information security in supplier relationships; A.5.15 Access control; A.8.8 Management of technical vulnerabilities; A.8.16 Monitoring activities
🟣 PCI DSS v4.0.1
6.2.4 Software engineering techniques to prevent or mitigate common software attacks, including injection attacks; 6.3.3 System components protected from known vulnerabilities by installing applicable security patches and updates; 11.3 External and internal vulnerabilities regularly identified, prioritized and addressed
📊 CVSS Score
6.3 / 10.0 (Medium)
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector (AV:N): Network
Attack Complexity (AC:L): Low
Privileges Required (PR:L): Low
User Interaction (UI:N): None
Scope (S:U): Unchanged
Confidentiality (C:L): Low
Integrity (I:L): Low
Availability (A:L): Low
📋 Quick Facts
Severity: Medium
CVSS Score: 6.3
CWE: CWE-918
EPSS: 0.05%
Exploit: No
Patch: No
Published: 2026-06-01
Source Feed: nvd
Saudi Risk Score: 6.8 / 10.0
Priority: HIGH
Tags: CWE-918