solidity-erc721
on https://mcp.openzeppelin.com/contracts/solidity/mcp
Severity
1 finding on this tool
- highssrf surfacef-r8-solidity_erc721
Tool `solidity-erc721` accepts an unconstrained URL / endpoint parameter
The parameter(s) `baseUri` look like URL or endpoint inputs but carry no `pattern` or `enum` constraint. An agent tricked by an indirect-injection payload can invoke this tool with an internal-service URL (e.g. `http://169.254.169.254/`) to exfiltrate cloud metadata, probe internal APIs, or pivot to services the host can reach but the caller cannot.
fix: Constrain the URL parameter with an allow-list `enum`, or a `pattern` that restricts scheme and domain. Validate server-side against an allow-list and reject private / loopback / link-local address ranges at the HTTP client level.
OWASP LLM07NIST MANAGE-2.2ATLAS T0051
About this tool
solidity-erc721 is one of 8 tools exposed by OpenZeppelin Solidity Contracts MCP. The server scored 92/100 overall against the capframe rule engine (source: http). Last scanned 2026-06-26.
The findings above are emitted by the public capframe.findings.v1 schema. Disagree with one? Open an issue.