PraisonAI: Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls

Summary The gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no authtoken is configured the default. By adding dangerous tool names e.g., shellexec, filewrite to the allowlist, an attacker can cause the ExecApprovalManager to...

CVE-2026-27825 MCP Atlassian has an arbitrary file write leading to arbitrary code execution via unconstrained download_path in confluence_download_attachment

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, the confluencedownloadattachment MCP tool accepts a downloadpath parameter that is written to without any directory boundary enforcement. An attacker who can call this tool an...