HIGH-Severity SSRF Flaw Persists in Workspace-Server Despite Partial Timeout Fix

A critical Server-Side Request Forgery (SSRF) vulnerability remains unpatched in the workspace-server codebase, despite a recent pull request that only implemented a superficial timeout. The core security flaw—a complete lack of URL validation before making outbound HTTP requests—leaves internal systems exposed to potential attack. This oversight means the system can be tricked into making unauthorized requests to internal network resources, a classic SSRF attack vector.

The vulnerability is rooted in three specific locations within the `workspace-server/internal/handlers/` directory. In `a2a_proxy.go` (line 462), the `a2aClient.Do(req)` function uses a target URL fetched directly from a database cache without verification. Similarly, in `mcp.go` (lines 559 and 622), the `http.DefaultClient.Do(httpReq)` method is called using URLs returned by the `mcpResolveURL()` function, which also pulls data from the database (`GetCachedURL`, `GetCachedInternalURL`). The recent PR #1036 merely added a 60-second timeout to the `a2aClient`, failing to address the fundamental validation gap that defines the SSRF risk.

This creates a direct pathway for exploitation. If an attacker can register a workspace with a malicious URL, they could potentially force the server to proxy requests to sensitive internal services, bypassing network security controls. The persistence of this HIGH-severity issue (CWE-918) after a purported fix raises significant concerns about the security review process and the prioritization of cosmetic mitigations over core vulnerability remediation. The related P1 issue #1042 remains open, signaling ongoing risk to the system's integrity.