Advisories for Npm/Hackmd-Mcp package

2025

HackMD MCP Server has Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery (SSRF) vulnerability affects all users running the HackMD MCP server in HTTP mode. Attackers could exploit this vulnerability by passing arbitrary hackmdApiUrl values through HTTP headers (Hackmd-Api-Url) or base64-encoded JSON query parameters. This allows malicious users to:

- Redirect API calls to internal network services
- Potentially access sensitive internal endpoints
- Perform network reconnaissance through the server
- Bypass network access controls

The vulnerability affects the HTTP transport …
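One way a server can constrain a client-supplied hackmdApiUrl from both channels described above, as an added example that is not the project's own code or its actual patch. The allowlist contents, the default URL, the function names and the query parameter name `config` are assumptions made for illustration.

```javascript
// Added example: allowlist check for a client-supplied hackmdApiUrl.
// ALLOWED_API_ORIGINS, DEFAULT_API_URL and the "config" parameter name are assumptions.
const ALLOWED_API_ORIGINS = new Set(['https://api.hackmd.io']);
const DEFAULT_API_URL = 'https://api.hackmd.io/v1';

// Collect every hackmdApiUrl the client supplied, from either channel.
function candidateUrls(headers, query) {
  const found = [];
  const fromHeader = headers['hackmd-api-url']; // Node lowercases header names
  if (fromHeader !== undefined) found.push(fromHeader);
  if (typeof query.config === 'string') {
    let parsed;
    try {
      parsed = JSON.parse(Buffer.from(query.config, 'base64').toString('utf8'));
    } catch {
      throw new Error('config parameter is not base64-encoded JSON');
    }
    if (parsed && parsed.hackmdApiUrl !== undefined) found.push(parsed.hackmdApiUrl);
  }
  return found;
}

// Return the API base URL to use, or throw if any supplied value is off the allowlist.
function resolveApiUrl(headers = {}, query = {}) {
  const candidates = candidateUrls(headers, query);
  for (const value of candidates) {
    if (typeof value !== 'string') throw new Error('hackmdApiUrl must be a string');
    let url;
    try {
      url = new URL(value);
    } catch {
      throw new Error('hackmdApiUrl is not a valid absolute URL');
    }
    // Compare the parsed origin (scheme + host + port), never a string prefix,
    // and refuse embedded credentials such as https://allowed-host@other-host/.
    if (url.username || url.password || !ALLOWED_API_ORIGINS.has(url.origin)) {
      throw new Error(`hackmdApiUrl origin not allowed: ${url.origin}`);
    }
  }
  return candidates.length ? candidates[0] : DEFAULT_API_URL;
}
```

Validating every supplied value, rather than only the one that wins precedence, keeps a rejected header from being masked by an acceptable query parameter or the reverse.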