A vulnerability categorized as critical has been discovered in ondata ckan-mcp-server up to 0.4.84 . The impacted element is the function ckan_package_search of the component Internal Network Service Handler . The manipulation of the argument base_url results in server-side request forgery. This vulnerability is identified as CVE-2026-33060 . The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.