Npm · @Yoda.Digital/Gitlab-Mcp-Server · CVE-2026-44895
**Name of the Vulnerable Software and Affected Versions**
GitLab MCP Server versions prior to 0.6.0
**Description**
The HTTP transport in `src/transport.ts` has no authentication layer and sets a wildcard `Access-Control-Allow-Origin: *` header on every response. As a result, any cross-origin browser context or unauthenticated network caller can reach a stateful, mutation-capable RPC endpoint. The server also binds to `0.0.0.0` by default, because `httpServer.listen(port)` is called without a host argument, so the endpoint is reachable on every network interface.
This configuration lets unauthorized callers invoke every tool the server exposes, using the operator's `GITLAB_PERSONAL_ACCESS_TOKEN`, including destructive operations such as `delete_repository`, `delete_group`, `push_files`, `create_merge_request`, and `update_repository_settings`.
The affected API endpoints are:
- `GET /sse`
- `POST /messages?sessionId=<id>`
**Recommendations**
Update to version 0.6.0.
As a temporary workaround, avoid setting `USE_SSE=true`, or restrict network access to the server port to trusted sources only.