Skip to content

Add SSRF protection for HTTP client redirects #2106

New issue
New issue
Open
Open
Add SSRF protection for HTTP client redirects#2106
Labels
P1Significant bug affecting many users, highly requested featurebugSomething isn't workingv2Ideas, requests and plans for v2 of the SDK which will incorporate major changes and fixes
@maxisbey

Description

@maxisbey
maxisbey
opened on Feb 19, 2026

Summary

The SDK creates httpx.AsyncClient with follow_redirects=True but no redirect validation. A malicious MCP server can redirect requests to internal network addresses (http://localhost, http://169.254.169.254, http://metadata.google.internal), enabling SSRF attacks.

Location

src/mcp/shared/_httpx_utils.py — the shared httpx client factory.

Proposed Fix

  1. Default: Block HTTPS-to-HTTP downgrades on redirects
  2. Provide configurable RedirectPolicy presets:
    • BLOCK_SCHEME_DOWNGRADE (default) — block HTTPS→HTTP redirects
    • ENFORCE_HTTPS (strict) — only allow HTTPS destinations
    • ALLOW_ALL (legacy) — current behavior, no restrictions
  3. Consider also blocking redirects to private/link-local IP ranges

Metadata

Metadata

Assignees

No one assigned

    Labels

    P1Significant bug affecting many users, highly requested featurebugSomething isn't workingv2Ideas, requests and plans for v2 of the SDK which will incorporate major changes and fixes

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions