11 matches found

OSV
added 2026/06/18 3:32 p.m., 5 views

GHSA-5GF6-GC35-XJPC MCP Toolbox for Databases: authenticated authorization bypass

An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol...

CVSS 8.6 | AI score 5.9 | EPSS 0.0015
Exploits 0 | References 4

RedhatCVE
added 2026/06/05 7:16 p.m., 8 views

CVE-2026-42856

Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. ...

CVSS 8.7 | AI score 5.5 | EPSS 0.00471
Exploits 0 | References 1

NVD
added 2026/05/11 6:16 p.m., 39 views

CVE-2026-42856

Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. ...

CVSS 8.7 | EPSS 0.00471
Exploits 0 | References 1

ATTACKERKB
added 2026/05/11 5:42 p.m., 6 views

CVE-2026-42856

Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. ...

CVSS 8.7 | AI score 5.8 | EPSS 0.00471
Exploits 0 | References 2 | Affected Software 1

OSV
added 2026/05/05 5:25 p.m., 4 views

GHSA-FJ4G-2P96-Q6M3 Network-AI missing authentication on MCP HTTP endpoint, which allows unauthenticated privileged tool calls

Security Advisory: Missing Authentication for Critical Function in Jovancoding/Network-AI | Field | Value | |---|---| | Project | Jovancoding/Network-AI | | Repository | https://github.com/Jovancoding/Network-AI | | Affected commit | c344f2053eb0d49395988f803bf92f2a86b2a0d0 | | Affected tested...

CVSS 8.7 | AI score 6 | EPSS 0.00471
Exploits 0 | References 3

Snyk
added 2026/05/05 5:25 p.m., 8 views

Missing Authentication for Critical Function

Overview network-ai is an AI agent orchestration framework for TypeScript/Node.js - 29 adapters LangChain, AutoGen, CrewAI, OpenAI Assistants, LlamaIndex, Semantic Kernel, Haystack, DSPy, Agno, MCP, OpenClaw, A2A, Codex, MiniMax, NemoClaw, APS, Copilot, LangGraph, Anthropic Compu Affected version...

CVSS 8.7 | AI score 5.8 | EPSS 0.00471
Exploits 0 | References 2

Positive Technologies
added 2026/05/05 12:00 a.m., 24 views

PT-2026-37283

Name of the Vulnerable Software and Affected Versions Network-AI versions prior to 5.1.3 Description The MCP HTTP transport accepts JSON-RPC tools/call requests without requiring authentication, sessions, origins, or token checks, dispatching them directly to the orchestrator's tool registry...

CVSS 8.7 | AI score 5.8 | EPSS 0.00471
Exploits 0 | References 8

OSV
added 2026/03/31 1:57 p.m., 3 views

CVE-2026-34200 Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port

Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, the Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication and does not enforce strict CORS. This allows a malicious website visited on the same machine to...

CVSS 7.7 | AI score 5.8 | EPSS 0.00361
Exploits 1 | References 5

RedhatCVE
added 2026/03/26 3:11 p.m., 4 views

CVE-2026-32039

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySender group policy matching that allows attackers to inherit elevated tool permissions through identifier collision attacks. Attackers can exploit untyped sender keys by forcing collisions with mutab...

CVSS 6.5 | AI score 5.8 | EPSS 0.0019
Exploits 0 | References 1

NVD
added 2026/03/19 10:16 p.m., 3 views

CVE-2026-32039

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySender group policy matching that allows attackers to inherit elevated tool permissions through identifier collision attacks. Attackers can exploit untyped sender keys by forcing collisions with mutab...

CVSS 6.5 | EPSS 0.0019
Exploits 0 | References 3

OSV
added 2026/03/19 10:16 p.m., 3 views

CVE-2026-32039

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in the toolsBySender group policy matching that allows attackers to inherit elevated tool permissions through identifier collision attacks. Attackers can exploit untyped sender keys by forcing collisions with mutab...

CVSS 5.9 | AI score 5.9
Exploits 0 | References 3