PT-2026-37283 · Unknown · Network-Ai

232-323

+1

·

Published

2026-05-05

·

Updated

2026-06-22

·

CVE-2026-42856

CVSS v4.0

8.7

High

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions Network-AI versions prior to 5.1.3
Description The MCP HTTP transport accepts JSON-RPC tools/call requests without requiring authentication, sessions, origins, or token checks, dispatching them directly to the orchestrator's tool registry. Because the service binds to 0.0.0.0 by default, any party with network reachability can enumerate and invoke privileged management tools. This allows unauthorized users to read and mutate live orchestrator configurations, list and dispatch agents, create or revoke security tokens, and adjust global budget ceilings. The issue is specifically present in the handlePost() function, which fails to perform authentication checks before calling handleRPC(), and the handleRPC() function, which dispatches requests to the call(toolName, toolArgs) function.
Recommendations Update to version 5.1.3. As a temporary workaround, restrict access to the /mcp endpoint to trusted networks or change the bind address from 0.0.0.0 to 127.0.0.1 to prevent external network exposure.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-42856
GHSA-FJ4G-2P96-Q6M3

Affected Products

Network-Ai