CNNVD-202509-2013 Information

CNNVD ID

CNNVD-202509-2013

CVE-2025-59155

  • CNNVD Published: 2025-09-15

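Description (translated from Chinese)

HackMD MCP Server is a context protocol server by the individual developer yuna0x0. hackmd-mcp versions from 1.4.0 up to but not including 1.5.0 contain a code issue vulnerability, which stems from the Hackmd-Api-Url header or the base64-encoded JSON query parameter not being validated in HTTP transport mode, and may lead to server-side request forgery attacks.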

Description (English)

HackMD MCP Server is a context protocol server developed by the individual developer yuna0x0. hackmd-mcp versions 1.4.0 up to (but not including) 1.5.0 contain a code issue vulnerability: in HTTP transport mode, the Hackmd-Api-Url header and the base64-encoded JSON query parameter are not validated, which may result in a server-side request forgery (SSRF) attack.

Hazard Level

High

Vulnerability Type

Code issue

Affected Vendor

Individual developer

Published

2025-09-15

Last Modified

2026-02-24

References

https://github.com/yuna0x0/hackmd-mcp/commit/43936c78a5bb3dedc74e8f080607a1125caa8c13

https://github.com/yuna0x0/hackmd-mcp/security/advisories/GHSA-g5cg-6c7v-mmpw

Patch

https://github.com/yuna0x0/hackmd-mcp/releases
