3 matches found
stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback
Impact Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node ...
PT-2026-47573
Impact Stigmem nodes with federation enabled could be configured to run without mTLS outside loopback-only local development. In affected deployments, federation traffic may traverse the network without the intended transport protection. Impacted users are operators who enabled federation and...
RUSTSEC-2026-0189 DNS rebinding vulnerability in rmcp Streamable HTTP server transport
Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport did not validate the incoming Host header. This allowed a malicious public website, via a DNS rebinding attack, to send requests to an MCP server running on the victim's loopback or private-network interface. An attacker wh...