Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42856

Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. ...

8.7CVSS5.5AI score0.00471EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-45061

Name of the Vulnerable Software and Affected Versions PraisonAI Platform affected versions not specified Description The server contains multiple authorization flaws. First, a cross-tenant Insecure Direct Object Reference IDOR exists because the require workspace member dependency only validates...

9.4CVSS5.8AI score0.00043EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:42 p.m.7 views

CVE-2026-42856

Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. ...

8.7CVSS5.8AI score0.00471EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/11 5:42 p.m.68 views

CVE-2026-42856 Network-AI: Missing authentication on MCP HTTP endpoint allows unauthenticated privileged tool calls

Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. ...

8.7CVSS0.00471EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 5:42 p.m.14 views

CVE-2026-42856 Network-AI: Missing authentication on MCP HTTP endpoint allows unauthenticated privileged tool calls

Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. ...

8.7CVSS5.8AI score0.00471EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 5:25 p.m.27 views

GHSA-FJ4G-2P96-Q6M3 Network-AI missing authentication on MCP HTTP endpoint, which allows unauthenticated privileged tool calls

Security Advisory: Missing Authentication for Critical Function in Jovancoding/Network-AI | Field | Value | |---|---| | Project | Jovancoding/Network-AI | | Repository | https://github.com/Jovancoding/Network-AI | | Affected commit | c344f2053eb0d49395988f803bf92f2a86b2a0d0 | | Affected tested...

8.7CVSS6AI score0.00471EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/05 5:25 p.m.15 views

Network-AI missing authentication on MCP HTTP endpoint, which allows unauthenticated privileged tool calls

Security Advisory: Missing Authentication for Critical Function in Jovancoding/Network-AI | Field | Value | |---|---| | Project | Jovancoding/Network-AI | | Repository | https://github.com/Jovancoding/Network-AI | | Affected commit | c344f2053eb0d49395988f803bf92f2a86b2a0d0 | | Affected tested...

8.7CVSS6AI score0.00471EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.25 views

PT-2026-37283

Name of the Vulnerable Software and Affected Versions Network-AI versions prior to 5.1.3 Description The MCP HTTP transport accepts JSON-RPC tools/call requests without requiring authentication, sessions, origins, or token checks, dispatching them directly to the orchestrator's tool registry...

8.7CVSS5.8AI score0.00471EPSS
Exploits0References8
Rows per page
Query Builder