
PEACH
Un cadre d’isolation des locataires
CVE-2026-54504 is a missing authentication and unsafe network binding vulnerability in the npm package @andrea9293/mcp-documentation-server v1.13.0. The Web UI/API, which starts automatically by default on port 3080, binds to all network interfaces (0.0.0.0:3080) instead of localhost only, and exposes document-management API endpoints without any authentication requirement. This allows any network-reachable client on the same LAN, VM network, or container bridge to perform unauthenticated document-admin operations. The vulnerability was first published on June 4, 2026, and added to the GitHub Advisory Database on July 15, 2026. It carries a CVSS v3.1 base score of 8.8 (High) (GitHub Advisory).
The root cause is twofold: CWE-306 (Missing Authentication for Critical Function) and CWE-668 (Exposure of Resource to Wrong Sphere). In src/web-server.ts, the Express application calls app.listen(PORT) without specifying a host argument, which causes Node.js/Express to bind to all available network interfaces (0.0.0.0) by default rather than restricting to 127.0.0.1. The Web UI starts automatically unless the environment variable START_WEB_UI is explicitly set to false. The exposed API endpoints — including GET /api/documents, GET /api/documents/:id, POST /api/documents, POST /api/search-all, DELETE /api/documents/:id, and GET /api/config — perform no authentication checks, accepting any unauthenticated HTTP request from adjacent network clients (GitHub Advisory, Security Advisory).
A network-adjacent attacker with no credentials can enumerate all stored documents (titles, previews, and full content), search across the entire document corpus, insert attacker-controlled documents into the knowledge base, and permanently delete documents. This directly impacts confidentiality (exposure of potentially sensitive documentation), integrity (corpus tampering that could poison the MCP assistant's knowledge base), and availability (bulk deletion of documents). Users running the server on laptops, workstations, developer VMs, or hosts connected to shared networks, VPNs, or Docker bridge networks are all at risk (GitHub Advisory).
nmap -p 3080 <subnet> or masscan. Hosts running @andrea9293/mcp-documentation-server v1.13.0 with default settings will respond./api/config to confirm the service is running and unprotected: curl http://<TARGET_IP>:3080/api/config. A JSON response (e.g., {"gemini_available":false,"embedding_model":"Xenova/all-MiniLM-L6-v2"}) confirms vulnerability.GET /api/documents without any Authorization header to list all stored document titles and IDs: curl http://<TARGET_IP>:3080/api/documents.curl http://<TARGET_IP>:3080/api/documents/<doc_id>.POST /api/search-all with a JSON body {"query": "<keyword>", "limit": 10} to search across all stored documents for sensitive information./api/documents with attacker-controlled content to poison the MCP assistant's knowledge base: curl -X POST -H 'Content-Type: application/json' -d '{"title":"injected","content":"<payload>"}' http://<TARGET_IP>:3080/api/documents.DELETE /api/documents/<doc_id> to destroy any or all documents, causing availability impact (GitHub Advisory, Security Advisory).ss -ltnp | grep ':3080' showing LISTEN *:3080 instead of 127.0.0.1:3080./api/documents, /api/config, /api/search-all, or /api/documents/:id originating from non-loopback IP addresses without any Authorization header.MCP_BASE_DIR), particularly documents with suspicious titles or attacker-controlled content markers.node dist/server.js) listening on 0.0.0.0:3080 as confirmed by ss or netstat output (GitHub Advisory).Upgrade to @andrea9293/mcp-documentation-server v1.13.1, which binds the Web UI to 127.0.0.1 by default and introduces a new WEB_HOST environment variable (defaulting to 127.0.0.1) for explicit opt-in to network exposure (v1.13.1 Release, Patch Commit). As an immediate workaround on v1.13.0, set START_WEB_UI=false to disable the Web UI entirely, or use host-based firewall rules to block external access to port 3080. If network exposure is required, set WEB_HOST=0.0.0.0 only after implementing network-level access controls, and consider placing the service behind an authenticating reverse proxy.
Source: Ce rapport a été généré à l’aide de l’IA
Évaluation gratuite des vulnérabilités
Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.
Obtenez une démo personnalisée
"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."