CVE-2026-54504
JavaScript Analyse et atténuation des vulnérabilités

Aperçu

CVE-2026-54504 is a missing authentication and unsafe network binding vulnerability in the npm package @andrea9293/mcp-documentation-server v1.13.0. The Web UI/API, which starts automatically by default on port 3080, binds to all network interfaces (0.0.0.0:3080) instead of localhost only, and exposes document-management API endpoints without any authentication requirement. This allows any network-reachable client on the same LAN, VM network, or container bridge to perform unauthenticated document-admin operations. The vulnerability was first published on June 4, 2026, and added to the GitHub Advisory Database on July 15, 2026. It carries a CVSS v3.1 base score of 8.8 (High) (GitHub Advisory).

Détails techniques

The root cause is twofold: CWE-306 (Missing Authentication for Critical Function) and CWE-668 (Exposure of Resource to Wrong Sphere). In src/web-server.ts, the Express application calls app.listen(PORT) without specifying a host argument, which causes Node.js/Express to bind to all available network interfaces (0.0.0.0) by default rather than restricting to 127.0.0.1. The Web UI starts automatically unless the environment variable START_WEB_UI is explicitly set to false. The exposed API endpoints — including GET /api/documents, GET /api/documents/:id, POST /api/documents, POST /api/search-all, DELETE /api/documents/:id, and GET /api/config — perform no authentication checks, accepting any unauthenticated HTTP request from adjacent network clients (GitHub Advisory, Security Advisory).

Impact

A network-adjacent attacker with no credentials can enumerate all stored documents (titles, previews, and full content), search across the entire document corpus, insert attacker-controlled documents into the knowledge base, and permanently delete documents. This directly impacts confidentiality (exposure of potentially sensitive documentation), integrity (corpus tampering that could poison the MCP assistant's knowledge base), and availability (bulk deletion of documents). Users running the server on laptops, workstations, developer VMs, or hosts connected to shared networks, VPNs, or Docker bridge networks are all at risk (GitHub Advisory).

Étapes d’exploitation

  1. Reconnaissance: Scan the local network for hosts listening on TCP port 3080 using a tool such as nmap -p 3080 <subnet> or masscan. Hosts running @andrea9293/mcp-documentation-server v1.13.0 with default settings will respond.
  2. Verify exposure: Send an unauthenticated GET request to /api/config to confirm the service is running and unprotected: curl http://<TARGET_IP>:3080/api/config. A JSON response (e.g., {"gemini_available":false,"embedding_model":"Xenova/all-MiniLM-L6-v2"}) confirms vulnerability.
  3. Enumerate documents: Issue GET /api/documents without any Authorization header to list all stored document titles and IDs: curl http://<TARGET_IP>:3080/api/documents.
  4. Read document contents: Retrieve the full content of any document using its ID: curl http://<TARGET_IP>:3080/api/documents/<doc_id>.
  5. Search the corpus: Use POST /api/search-all with a JSON body {"query": "<keyword>", "limit": 10} to search across all stored documents for sensitive information.
  6. Insert malicious document: POST a crafted document to /api/documents with attacker-controlled content to poison the MCP assistant's knowledge base: curl -X POST -H 'Content-Type: application/json' -d '{"title":"injected","content":"<payload>"}' http://<TARGET_IP>:3080/api/documents.
  7. Delete documents: Issue DELETE /api/documents/<doc_id> to destroy any or all documents, causing availability impact (GitHub Advisory, Security Advisory).

Indicateurs de compromis

  • Network: Unexpected inbound HTTP connections to TCP port 3080 from non-localhost IP addresses; ss -ltnp | grep ':3080' showing LISTEN *:3080 instead of 127.0.0.1:3080.
  • Logs: HTTP access logs for the Express server showing requests to /api/documents, /api/config, /api/search-all, or /api/documents/:id originating from non-loopback IP addresses without any Authorization header.
  • File System: Unexpected or unfamiliar document entries in the MCP documentation server's data directory (MCP_BASE_DIR), particularly documents with suspicious titles or attacker-controlled content markers.
  • Process: Node.js process (node dist/server.js) listening on 0.0.0.0:3080 as confirmed by ss or netstat output (GitHub Advisory).

Atténuation et solutions de contournement

Upgrade to @andrea9293/mcp-documentation-server v1.13.1, which binds the Web UI to 127.0.0.1 by default and introduces a new WEB_HOST environment variable (defaulting to 127.0.0.1) for explicit opt-in to network exposure (v1.13.1 Release, Patch Commit). As an immediate workaround on v1.13.0, set START_WEB_UI=false to disable the Web UI entirely, or use host-based firewall rules to block external access to port 3080. If network exposure is required, set WEB_HOST=0.0.0.0 only after implementing network-level access controls, and consider placing the service behind an authenticating reverse proxy.

Ressources additionnelles


SourceCe rapport a été généré à l’aide de l’IA

Apparenté JavaScript Vulnérabilités:

Identifiant CVE

Sévérité

Score

Technologies

Nom du composant

Exploit CISA KEV

A corrigé

Date de publication

CVE-2026-54504HIGH8.8
  • JavaScript logoJavaScript
  • @andrea9293/mcp-documentation-server
NonOuiJul 15, 2026
CVE-2026-50289HIGH8.7
  • JavaScript logoJavaScript
  • systeminformation
NonOuiJul 15, 2026
CVE-2026-48795HIGH8.6
  • JavaScript logoJavaScript
  • @adonisjs/bodyparser
NonOuiJul 15, 2026
CVE-2026-50272HIGH7.5
  • JavaScript logoJavaScript
  • dd-trace
NonOuiJul 15, 2026
CVE-2026-54490MEDIUM6.3
  • JavaScript logoJavaScript
  • websocket-driver
NonOuiJul 15, 2026

Évaluation gratuite des vulnérabilités

Évaluez votre posture de sécurité dans le cloud

Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.

Demander une évaluation

Obtenez une démo personnalisée

Prêt(e) à voir Wiz en action ?

"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
David EstlickRSSI
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
Adam FletcherChef du service de sécurité
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."
Greg PoniatowskiResponsable de la gestion des menaces et des vulnérabilités