meetsumitsah/mcp
criticalmcpserver
This MCP server provides joke-fetching tools (Chuck Norris and dad jokes) for integration with Microsoft Copilot Studio, demonstrating how to deploy a...

Lines 37-39:

    const response = await fetch(
      `https://api.chucknorris.io/jokes/random?category=${params.category}`
    );

Exploitable if MCP is exposed to untrusted prompts or if an attacker can control the category input.
The category parameter is directly interpolated into the URL without validation or sanitization. An attacker could inject arbitrary URL components, potentially redirecting the request to internal services or other endpoints.
Impact: An attacker could exploit this to perform SSRF attacks, accessing internal network resources or external services not intended by the application.
Fix: Validate the category parameter against a list of allowed categories (e.g., fetch categories first and check membership) or use a URL constructor with proper encoding.

Lines 33-35:

    {
      category: z.string().describe("Category of the Chuck Norris joke")
    },

Exploitable if MCP is exposed to untrusted prompts.
The category parameter is only typed as a string with no further validation (e.g., no regex, no allowed values list). This allows arbitrary strings to be passed, which could lead to injection or unexpected behavior.
Impact: An attacker could provide unexpected input that might cause errors, bypass intended logic, or be used in conjunction with other vulnerabilities.
Fix: Add validation to restrict category to a known set of values, e.g., using z.enum() with the list of valid categories.

Line 156:

    app.listen(PORT, () => {

Exploitable only if the server is exposed to the network; local-only MCP would not be affected.
The server listens on all network interfaces (0.0.0.0) by default when no host is specified. This exposes the MCP server to the network, which may be unintended for a local-only tool.
Impact: An attacker on the same network could send requests to the MCP server, potentially exploiting other vulnerabilities.
Fix: Bind to 127.0.0.1 (localhost) by default, or make the host configurable and default to localhost.