Package impact

npm / open-websearch

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2026-42260	high	8.2	8.2				18d ago	open-websearch has SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`