PT-2026-37283 · Unknown · Network-Ai
232-323
+1
·
Published
2026-05-05
·
Updated
2026-06-22
·
CVE-2026-42856
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Network-AI versions prior to 5.1.3
Description
The MCP HTTP transport accepts JSON-RPC
tools/call requests without requiring authentication, sessions, origins, or token checks, dispatching them directly to the orchestrator's tool registry. Because the service binds to 0.0.0.0 by default, any party with network reachability can enumerate and invoke privileged management tools. This allows unauthorized users to read and mutate live orchestrator configurations, list and dispatch agents, create or revoke security tokens, and adjust global budget ceilings. The issue is specifically present in the handlePost() function, which fails to perform authentication checks before calling handleRPC(), and the handleRPC() function, which dispatches requests to the call(toolName, toolArgs) function.Recommendations
Update to version 5.1.3.
As a temporary workaround, restrict access to the
/mcp endpoint to trusted networks or change the bind address from 0.0.0.0 to 127.0.0.1 to prevent external network exposure.Exploit
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Network-Ai