2Rebcat

**Name of the Vulnerable Software and Affected Versions** Network-AI versions prior to 5.1.3 **Description** The MCP HTTP transport accepts JSON-RPC `tools/call` requests without requiring authentication, sessions, origins, or token checks, dispatching them directly to the orchestrator's tool registry. Because the service binds to `0.0.0.0` by default, any party with network reachability can enumerate and invoke privileged management tools. This allows unauthorized users to read and mutate live orchestrator configurations, list and dispatch agents, create or revoke security tokens, and adjust global budget ceilings. The issue is specifically present in the ` handlePost()` function, which fails to perform authentication checks before calling `handleRPC()`, and the `handleRPC()` function, which dispatches requests to the `call(toolName, toolArgs)` function. **Recommendations** Update to version 5.1.3. As a temporary workaround, restrict access to the `/mcp` endpoint to trusted networks or change the bind address from `0.0.0.0` to `127.0.0.1` to prevent external network exposure.