CVE-2026-33060: SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks
The @aborruso/ckan-mcp-server MCP server exposes tools, including ckan_package_search and sparql_query, that accept a base_url parameter and issue HTTP requests to whatever endpoint it names, with no restriction on the destination. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network services.