A vulnerability categorized as critical has been discovered in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b . The affected element is the function requests.get of the file src/blender_mcp/server.py of the component ZIP File Handler . The manipulation of the argument zip_file_url results in server-side request forgery. This vulnerability is identified as CVE-2026-10662 . The attack can be executed remotely. Additionally, an exploit exists. This product implements a rolling