Lucene search
+L

156 matches found

NVD
NVD
added yesterday5 views

CVE-2026-62208

OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's...

6.5CVSS0.00258EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-45096

OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's...

6.5CVSS6.2AI score0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 3 days ago11 views

PT-2026-60306

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.5.2 Description A remote authenticated attacker can achieve arbitrary code execution on the host operating system. This is possible by combining a Host header bypass of localhost-only routes with unvalidated MCP...

8.8CVSS6.5AI score0.00719EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-331 excel-mcp-server has a Path Traversal issue

Summary A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on...

9.4CVSS6AI score0.00391EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.6 views

CVE-2026-56280

Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect using the privileged...

7.1CVSS5.9AI score0.00262EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:4 p.m.3 views

CVE-2026-56280 Cap-go - Privilege Inversion in Build Log Stream via SSE Disconnect

Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect using the privileged...

7.1CVSS6AI score0.00262EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.27 views

CVE-2026-56280 Cap-go - Privilege Inversion in Build Log Stream via SSE Disconnect

Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect using the privileged...

7.1CVSS0.00262EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 8:17 p.m.14 views

CVE-2026-48814

Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin MCP tool invocation due to an empty default secret. This issue was partially addressed by CVE-2026-46701 in version 5.4.5 by closing the CORS flaw wit...

9.1CVSS0.00297EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 9:38 p.m.40 views

CVE-2026-9739

CVE-2026-9739 describes a DNS rebinding vulnerability due to a hardcoded Access-Control-Allow-Origin: * in the SSE initialization handler, despite earlier attempts to align with MCP security guidelines using allowed-origins and allowed-hosts. The issue specifically affects users connecting via To...

9.4CVSS5.8AI score0.00279EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 2:19 p.m.2 views

CVE-2026-44830 Empty API_TOKEN disables authentication on network-reachable HTTP/SSE transport

Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when APITOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for all HTTP requests. Combined with the default 0.0.0.0 host binding and CORS alloworigins="",...

8.7CVSS6AI score0.00215EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/26 9:8 p.m.11 views

CVE-2026-44895 GitLab MCP Server: SSE transport has no authentication and wildcard CORS, exposing all GitLab tools

GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: on every response. The structural defect is that the SSE server stands up a stateful,...

9.2CVSS5.8AI score0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 9:8 p.m.47 views

CVE-2026-44895 GitLab MCP Server: SSE transport has no authentication and wildcard CORS, exposing all GitLab tools

GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: on every response. The structural defect is that the SSE server stands up a stateful,...

9.2CVSS0.00392EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 9:8 p.m.16 views

EUVD-2026-32003

GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin: on every response. The structural defect is that the SSE server stands up a stateful,...

9.2CVSS5.8AI score0.00392EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 9:8 p.m.38 views

CVE-2026-44895

CVE-2026-44895 (GitLab MCP Server SSE transport) has concrete technical details in the connected documents. The MCP server’s SSE HTTP transport (USE_SSE=true) ships with no authentication and sets Access-Control-Allow-Origin: * on all responses, exposing a stateful RPC endpoint backed by the oper...

9.2CVSS5.8AI score0.00392EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 4:42 p.m.4 views

CVE-2026-46431 Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: *

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard regardless of the caller's Origin. Because EventSource does not preflight and does not send cookies, the wildcard is sufficient ...

4.3CVSS5.9AI score0.00219EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/26 4:41 p.m.10 views

EUVD-2026-31869

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553"...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 4:41 p.m.33 views

CVE-2026-46430 Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553"...

4.3CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:41 p.m.8 views

CVE-2026-46430

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553"...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42629

Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret | Field | Value | | ---------------- | ----- | | Repository | Jovancoding/Network-AI | | Affected version | v5.4.4 commit c12686e181f231cf8d7bcf836a96d78f0f0877ac | Summary The MCP SSE server defaults to an empty secret...

7.6CVSS6AI score
Exploits0References3
OSV
OSV
added 2026/05/20 3:33 p.m.7 views

GHSA-GJ84-924C-48FX Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS

Summary The SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort"", ":5553" resolves to ":5553" — a Go http.Server.Addr of ":5553" listens on every interface. On...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References2
Rows per page
Query Builder