A vulnerability labeled as critical has been found in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583 . This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow . Executing a manipulation of the argument assetPath can lead to server-side request forgery. This vulnerability is tracked as CVE-2026-10274 . The attack can be launched remotely. Moreover, an exploit is present. This product does not use versioning. Thi