What is GHSA-5hr7-6m56-f3rg?

GHSA-5hr7-6m56-f3rg is a security advisory published by GitHub Security Advisories with Low severity. A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b....

Which CVE IDs does GHSA-5hr7-6m56-f3rg cover?

GHSA-5hr7-6m56-f3rg covers the following CVE IDs: CVE-2026-10662. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-5hr7-6m56-f3rg?

GHSA-5hr7-6m56-f3rg has a CVSS v3 base score of 6.3, published by GitHub Security Advisories.

GHSA-5hr7-6m56-f3rgLowCVSS 6.3

A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b....

Vendor

GitHub Security Advisories

Published

June 3, 2026

Last Modified

June 3, 2026

🔗 CVE IDs covered (1)

CVE-2026-10662 →

📋 Description

A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blender_mcp/server.py of the component ZIP File Handler. The manipulation of the argument zip_file_url results in server-side request forgery. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The patch is identified as 5b37be25242e73dc4cf1328974d30458b9e5d67e. It is advisable to implement a patch to correct this issue.

🔗 References (10)

https://nvd.nist.gov/vuln/detail/CVE-2026-10662
https://github.com/ahujasid/blender-mcp/issues/203
https://github.com/ahujasid/blender-mcp/pull/205
https://github.com/bergskenop/blender-mcp/commit/5b37be25242e73dc4cf1328974d30458b9e5d67e
https://github.com/ahujasid/blender-mcp
https://vuldb.com/cve/CVE-2026-10662
https://vuldb.com/submit/830488
https://vuldb.com/vuln/367957
https://vuldb.com/vuln/367957/cti
https://github.com/advisories/GHSA-5hr7-6m56-f3rg