PT-2026-50534 · Jovancoding · Network-Ai

Published: 2026-06-17 · Updated: 2026-06-18 · CVE-2026-48814

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Network-AI versions prior to 5.7.2

Description

The MCP SSE server allows unauthenticated cross-origin MCP tool invocation because the server defaults to an empty secret and the isAuthorized() function returns true when the secret is empty. While a previous update restricted CORS to localhost origins, the server remains unauthenticated by default for non-browser callers, such as curl or SSRF. This allows unauthorized access to 22 MCP tools, including config set, agent spawn, blackboard write, and token * functions, especially when a non-loopback bind is used.

Recommendations

Update to version 5.7.2.
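
The fail-open check from the description, next to a fail-closed form, as an added example that is not Network-AI's code or the 5.7.2 fix. Only the name isAuthorized comes from the advisory; the other function names, the token values and the startup policy are assumptions.

```javascript
// Added illustration, not Network-AI source. Only the name isAuthorized comes
// from the advisory; every other name and the token format are assumptions.
const crypto = require('node:crypto');

const LOOPBACK_HOSTS = new Set(['127.0.0.1', '::1', 'localhost']);

// Fail-open pattern the advisory describes: an empty secret authorizes everyone.
function isAuthorizedFailOpen(secret, presented) {
  if (!secret) return true;
  return presented === secret;
}

// Fail-closed form: with no configured secret, no caller is authorized.
function isAuthorized(secret, presented) {
  if (typeof secret !== 'string' || secret.length === 0) return false;
  if (typeof presented !== 'string' || presented.length === 0) return false;
  // Hash both values so timingSafeEqual always receives equal-length buffers.
  const want = crypto.createHash('sha256').update(secret).digest();
  const got = crypto.createHash('sha256').update(presented).digest();
  return crypto.timingSafeEqual(want, got);
}

// Startup policy (assumed): never run with an empty secret. On loopback a random
// one is generated; on any other bind address the operator must supply it.
function resolveSecret(configured, bindHost) {
  if (typeof configured === 'string' && configured.length > 0) return configured;
  if (!LOOPBACK_HOSTS.has(bindHost)) {
    throw new Error(`refusing to bind ${bindHost} without a configured secret`);
  }
  return crypto.randomBytes(32).toString('hex');
}

// Constructed callers: no token (non-browser request), wrong token, right token.
function compare(secret) {
  const presentedTokens = [undefined, 'wrong-token', 'constructed-secret'];
  return presentedTokens.map((t) => ({
    presented: t,
    failOpen: isAuthorizedFailOpen(secret, t),
    failClosed: isAuthorized(secret, t),
  }));
}

console.log(compare(''));                    // default (empty) secret
console.log(compare('constructed-secret'));  // secret configured
```

With the empty default, the fail-open column is true for every caller, and the fail-closed column is false for every caller.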

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-48814

Affected Products

Network-Ai