Agentic / MCP
204 entries
Every Agentic / MCP entry VulnWatch has indexed, sorted by publication date.
npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
## Summary The published npm package `praisonai` exports a TypeScript `MCPServer` that can expose tools, resources, and prompts over an HTTP JSON-RPC transport with: ```ts await server.start({ port:...
PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool
## Summary The `codeMode` tool in `src/praisonai-ts/src/tools/builtins/code-mode.ts` uses `new Function()` with a `with(sandbox)` pattern to execute LLM-generated code. The blocklist-based "sandbox"...
npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation
## Summary The published npm package `praisonai` exports an `MCPSecurity` helper described in source as: ```text MCP Security - Authentication, authorization, and rate limiting Provides security pol...
PraisonAI: IMAP Command Injection via Unsanitized Email Search Parameters
## Summary The email search tool in `src/praisonai-agents/praisonaiagents/tools/email_tools.py` constructs IMAP SEARCH commands by interpolating LLM-controlled parameters (from_addr, subject, query)...
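The hazard named in this entry is a string-built IMAP SEARCH command. As an added illustration, not code from PraisonAI, the block below reconstructs the unquoted-interpolation pattern beside a builder that encodes each value as an RFC 3501 quoted string and refuses CR/LF (which would terminate the command line). The function names, the `from_addr`/`subject`/`text` parameter set and the sample values are assumptions made for this example.

```python
from typing import Optional


class UnsafeSearchValue(ValueError):
    """Raised when a search value cannot be represented safely."""


def vulnerable_criteria(from_addr: Optional[str] = None, subject: Optional[str] = None) -> str:
    """Illustrative reconstruction of the unsafe pattern (not the project's code):
    LLM-controlled values are pasted into the command text unquoted, so a value
    containing spaces adds extra search keys and one containing CRLF starts a
    new IMAP command line."""
    parts = []
    if from_addr:
        parts.append(f"FROM {from_addr}")
    if subject:
        parts.append(f"SUBJECT {subject}")
    return " ".join(parts) or "ALL"


def imap_quote(value: str) -> str:
    """Encode `value` as an RFC 3501 quoted string: backslash and double quote are
    escaped, everything else passes through. CR, LF and NUL can never appear in a
    quoted string, so they are rejected instead of escaped. Non-ASCII text would
    need the literal syntax plus a CHARSET argument, which this example does not
    implement; it refuses rather than guess."""
    if "\r" in value or "\n" in value or "\x00" in value:
        raise UnsafeSearchValue("control characters are not allowed in IMAP search values")
    if not value.isascii():
        raise UnsafeSearchValue("non-ASCII search values need an IMAP literal; not supported here")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_search_criteria(
    from_addr: Optional[str] = None,
    subject: Optional[str] = None,
    text: Optional[str] = None,
) -> str:
    """Build a parenthesised SEARCH key list in which every caller-supplied value
    is a quoted string, so the parser sees exactly one FROM/SUBJECT/TEXT key per
    parameter regardless of the value's content."""
    keys = []
    if from_addr is not None:
        keys.append(f"FROM {imap_quote(from_addr)}")
    if subject is not None:
        keys.append(f"SUBJECT {imap_quote(subject)}")
    if text is not None:
        keys.append(f"TEXT {imap_quote(text)}")
    if not keys:
        return "ALL"
    return "(" + " ".join(keys) + ")"


if __name__ == "__main__":
    # Constructed sample input: a subject containing quotes and a value that
    # would otherwise be read as a second search key.
    print(build_search_criteria(from_addr="alice@example.com ALL", subject='Re: "Q3"'))
```

The resulting string is what you hand to `imaplib.IMAP4.search(None, criteria)`; `imaplib` does no quoting of its own, so the caller owns that step.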
PraisonAI: Missing Authentication for Critical Function and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai
# Unauthenticated PraisonAI UI MCP connect endpoint executes attacker-chosen local commands ## Summary PraisonAI v4.6.48 exposes the PraisonAIUI MCP client management API through the default UI host...
praisonai: recipe serve auth middleware silently disables itself when no secret is set
# praisonai: `recipe serve` authentication middleware silently disables itself when no secret is set **Researcher:** Kai Aizen — SnailSploit (@SnailSploit), Adversarial & Offensive Security Research...
PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools
# PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered tools ## Summary `praisonaiagents.mcp.ToolsMCPServer.run_sse()` builds a Starlette MCP HTTP+SSE se...
Docker MCP Gateway: Argument injection via OCI image label YAML
## Summary A maliciously crafted OCI image label can inject arbitrary arguments into the `docker run` command line constructed by the MCP Gateway. An attacker who controls an image that the victim re...
Is it agentic enough? Benchmarking open models on your own tooling
CVE-2026-48989: Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP m
Windows-MCP is an open-source project that integrates AI agents with Windows. In versions prior to 0.7.5, certain HTTP modes exposed the MCP control plane without authentication while enabling wildcar...
CVE-2026-48814: Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows un
Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin MCP tool invocation due to an empty default secret. T...
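Three entries above (the PraisonAI `recipe serve` middleware that disables itself without a secret, the Windows-MCP HTTP modes with no authentication, and the Network-AI empty default secret) share one failure mode: a missing credential is treated as "auth off". The block below is an added example, not code from any of those projects, showing the permissive check beside a fail-closed one that refuses to start without a secret and compares tokens in constant time. The environment variable name, the minimum length and the `handle_tools_call` dispatcher are assumptions made for this example.

```python
import hmac
from typing import Mapping, Optional

MIN_SECRET_LEN = 16  # assumed policy for this example


class AuthConfigError(RuntimeError):
    """Raised at startup when no usable shared secret is configured."""


def permissive_is_authorized(headers: Mapping[str, str], secret: Optional[str]) -> bool:
    """The failure mode described in the advisories above (illustrative, not the
    projects' code): an unset or empty secret silently means 'no auth needed'."""
    if not secret:
        return True
    return headers.get("authorization") == f"Bearer {secret}"


def load_shared_secret(env: Mapping[str, str], var: str = "MCP_SHARED_SECRET") -> str:
    """Fail closed: an unset, empty or too-short secret is a configuration error,
    and the process refuses to expose the MCP endpoint at all."""
    secret = env.get(var, "").strip()
    if len(secret) < MIN_SECRET_LEN:
        raise AuthConfigError(
            f"{var} must be set to at least {MIN_SECRET_LEN} characters; "
            "refusing to start without authentication"
        )
    return secret


def is_authorized(headers: Mapping[str, str], secret: str) -> bool:
    """Strict bearer-token check. Header names are matched case-insensitively and
    the comparison is constant-time so the token cannot be recovered byte by byte."""
    if not secret:
        return False  # never treat a missing secret as open access
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    return hmac.compare_digest(token.strip().encode(), secret.encode())


def handle_tools_call(headers: Mapping[str, str], secret: str) -> int:
    """Minimal dispatcher for a tools/call request: 401 unless the configured
    secret is presented."""
    return 200 if is_authorized(headers, secret) else 401


if __name__ == "__main__":
    import os
    secret = load_shared_secret(os.environ)  # raises if MCP_SHARED_SECRET is unset
    print(handle_tools_call({"Authorization": f"Bearer {secret}"}, secret))
```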
CVE-2026-20265: In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles
In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a serve...
OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin
### Summary OpenClaw supports remote MCP Streamable HTTP servers with operator-configured custom headers. In affected releases, those headers could be forwarded when the MCP endpoint responded with a...
1Password Acquires Apono in Reported $250M-$300M Deal
Apono specializes in just-in-time access governance technology for humans, machines, and AI agents. The post 1Password Acquires Apono in Reported $250M-$300M Deal appeared first on SecurityWeek.
Tenet Security Emerges From Stealth With $6 Million Seed Funding
Tenet aims to detect and stop dangerous AI agentic behavior in real time. The post Tenet Security Emerges From Stealth With $6 Million Seed Funding appeared first on SecurityWeek.
Duplicate Advisory: MCP Streamable HTTP redirects could forward configured custom headers to another origin
## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-rjxq-qqhf-8hwh. This link is maintained to preserve external references. ## Original Description OpenClaw befo...
CVE-2026-53840: OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards
OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom headers during cross-origin redirects. Attackers cont...
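The OpenClaw entries above (the advisory and CVE-2026-53840) describe operator-configured headers being carried across a redirect to another origin. The block below is an added example, not OpenClaw's code, of the client-side rule a Streamable HTTP client should apply: compare the origin (scheme, host, port) of each hop and drop configured and credential-bearing headers when it changes. The `responder` table standing in for the network, the header names and the URLs are constructed for this example.

```python
from typing import Dict, List, Mapping, Optional, Tuple
from urllib.parse import urljoin, urlsplit

# Headers that carry credentials even when the operator did not configure them.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def origin_of(url: str) -> Tuple[str, str, int]:
    """(scheme, host, port) with the default port filled in, so
    https://a.example and https://a.example:443 compare equal while
    https:// and http:// on the same host do not."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or (443 if scheme == "https" else 80)
    return (scheme, (parts.hostname or "").lower(), port)


def headers_for_redirect(
    from_url: str,
    to_url: str,
    base_headers: Mapping[str, str],
    configured_headers: Mapping[str, str],
) -> Dict[str, str]:
    """Same origin: send everything. Cross origin: send only the base headers,
    minus anything credential-bearing; operator-configured headers are never
    forwarded off-origin, whatever their names."""
    if origin_of(from_url) == origin_of(to_url):
        return {**base_headers, **configured_headers}
    return {k: v for k, v in base_headers.items() if k.lower() not in SENSITIVE_HEADERS}


def follow_redirects(
    url: str,
    configured_headers: Mapping[str, str],
    responder: Mapping[str, Tuple[int, Optional[str]]],
    max_hops: int = 5,
) -> List[Tuple[str, Dict[str, str]]]:
    """Simulated client. `responder` maps a URL to (status, Location or None) and
    stands in for the network. Returns the trail of (url, headers_sent) so the
    caller can see exactly what each host received."""
    base = {"accept": "application/json, text/event-stream"}
    headers: Dict[str, str] = {**base, **configured_headers}
    trail: List[Tuple[str, Dict[str, str]]] = []
    for _ in range(max_hops):
        trail.append((url, dict(headers)))
        status, location = responder.get(url, (200, None))
        if status not in REDIRECT_STATUSES or not location:
            return trail
        next_url = urljoin(url, location)
        headers = headers_for_redirect(url, next_url, base, configured_headers)
        url = next_url
    raise RuntimeError("too many redirects")


if __name__ == "__main__":
    # Constructed scenario: the configured MCP endpoint redirects to a third party.
    responder = {"https://mcp.example.com/mcp": (307, "https://collector.example.net/grab")}
    for hop, sent in follow_redirects("https://mcp.example.com/mcp", {"X-API-Key": "sk-example-not-real"}, responder):
        print(hop, sorted(sent))
```

A real client should also cap hops and refuse a scheme downgrade outright; here the downgrade case is covered by the origin comparison, since `https` and `http` on the same host are different origins.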
Magnitude Emerges From Stealth Mode With $10 Million in Funding
The company is enhancing third-party risk management (TPRM) through autonomous AI agents. The post Magnitude Emerges From Stealth Mode With $10 Million in Funding appeared first on SecurityWeek.
NewCore Emerges From Stealth Mode With $66 Million in Funding
The startup has built a security-first identity platform to protect humans, machines, and AI agents. The post NewCore Emerges From Stealth Mode With $66 Million in Funding appeared first on SecurityWe...
CVE-2026-11624: The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming conne
The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had...
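Both this entry and the PraisonAI ToolsMCPServer SSE entry above come down to a server that accepts any Host or Origin. The block below is an added example, not code from the MCP SDK or PraisonAI, of the pre-parse check a locally bound HTTP/SSE transport should run: the Host header must name a host this server actually serves on its bound port (after DNS rebinding the browser sends the attacker's hostname in Host, so this check alone defeats rebinding), and a present Origin must be on an explicit allowlist, with the literal `null` origin refused. The loopback name set, the allowlists and the sample headers are assumptions made for this example.

```python
from typing import Dict, FrozenSet, Iterable, Mapping, Optional, Tuple
from urllib.parse import urlsplit

LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}


def _split_host_header(host_header: str) -> Tuple[str, Optional[int]]:
    """urlsplit handles both 'localhost:8000' and '[::1]:8000'; an unparsable
    port raises ValueError, which the caller treats as a rejection."""
    parts = urlsplit("//" + host_header.strip())
    return ((parts.hostname or "").lower(), parts.port)


def host_is_allowed(host_header: Optional[str], bound_port: int,
                    allowed_hosts: Iterable[str] = ()) -> bool:
    """Under DNS rebinding the socket is ours but Host is attacker.example:PORT.
    Only names we serve on the bound port are accepted. Plain HTTP is assumed, so
    a Host without a port means port 80."""
    if not host_header:
        return False
    try:
        name, port = _split_host_header(host_header)
    except ValueError:
        return False
    if name not in LOOPBACK_NAMES | {h.lower() for h in allowed_hosts}:
        return False
    return (port if port is not None else 80) == bound_port


def origin_is_allowed(origin_header: Optional[str], allowed_origins: Iterable[str]) -> bool:
    """Browsers send Origin on cross-site requests; its absence indicates a
    non-browser client (curl, an MCP client library), which rebinding cannot
    produce. A present Origin must match the allowlist exactly; 'null' is refused."""
    if origin_header is None:
        return True
    origin = origin_header.strip().lower()
    if origin == "null":
        return False
    return origin in {o.lower() for o in allowed_origins}


def check_request(headers: Mapping[str, str], bound_port: int,
                  allowed_origins: Iterable[str],
                  allowed_hosts: Iterable[str] = ()) -> Tuple[bool, str]:
    """Run before any JSON-RPC body is parsed. Returns (ok, reason)."""
    h: Dict[str, str] = {k.lower(): v for k, v in headers.items()}
    if not host_is_allowed(h.get("host"), bound_port, allowed_hosts):
        return False, "host"
    if not origin_is_allowed(h.get("origin"), allowed_origins):
        return False, "origin"
    return True, "ok"


if __name__ == "__main__":
    allowed = {"http://localhost:8000", "http://127.0.0.1:8000"}
    # Constructed headers as a rebinding victim's browser would send them.
    print(check_request({"Host": "attacker.example:8000", "Origin": "http://attacker.example:8000"}, 8000, allowed))
```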
CVE-2026-50287: AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a
AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCP_HTTP=1. In that mode,...
LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGrap...
CVE-2026-47250: mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp-server-kubernetes passes user-supplied flags directl...
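This entry and the Docker MCP Gateway entry above are both argument injection into a subprocess command line (`kubectl` flags from a tool call, `docker run` arguments from an OCI label). The block below is an added example, not code from either project, of an argv builder that allowlists long-form flag names, binds every value with `=` so a value such as `--privileged` can never be parsed as its own flag, and terminates option parsing with `--` before positionals. The allowlists, the `ArgumentInjection` exception and the sample inputs are assumptions made for this example; `--` is honoured by the pflag/cobra parsers both tools use.

```python
from typing import Iterable, List, Mapping, Sequence


class ArgumentInjection(ValueError):
    """Raised when caller-controlled input would change the command's option set."""


def build_argv(base: Sequence[str], allowed_flags: Iterable[str],
               user_flags: Mapping[str, str], positionals: Sequence[str]) -> List[str]:
    """Assemble an argv list for subprocess.run (no shell). Only long-form flags
    from `allowed_flags` are emitted; a name carrying '=' or a short flag simply
    fails the allowlist lookup. Values are attached with '=' so the parser sees
    one token per flag, and '--' guarantees that positionals are never read as
    options even if one begins with '-'."""
    allowed = set(allowed_flags)
    argv = list(base)
    for name, value in user_flags.items():
        if name not in allowed:
            raise ArgumentInjection(f"flag not permitted: {name!r}")
        if "\x00" in value:
            raise ArgumentInjection("NUL byte in flag value")
        argv.append(f"{name}={value}")
    argv.append("--")
    for p in positionals:
        # Belt and braces: even behind '--', a positional that looks like an
        # option is almost certainly an injection attempt rather than a resource name.
        if p.startswith("-"):
            raise ArgumentInjection(f"positional argument looks like a flag: {p!r}")
        argv.append(p)
    return argv


# Assumed allowlists for the two tools named on this page; real deployments
# should be narrower still.
KUBECTL_GET_FLAGS = {"--namespace", "--output", "--selector"}
DOCKER_RUN_FLAGS = {"--name", "--env", "--network"}


def kubectl_get(user_flags: Mapping[str, str], resources: Sequence[str]) -> List[str]:
    return build_argv(["kubectl", "get"], KUBECTL_GET_FLAGS, user_flags, resources)


def docker_run(user_flags: Mapping[str, str], image_and_cmd: Sequence[str]) -> List[str]:
    return build_argv(["docker", "run"], DOCKER_RUN_FLAGS, user_flags, image_and_cmd)


if __name__ == "__main__":
    # Constructed input: a label-supplied value that tries to smuggle a flag.
    print(docker_run({"--name": "--privileged"}, ["alpine:3.20", "sh"]))
```

Pass the returned list to `subprocess.run(argv)` directly; never join it into a shell string, which would reopen a second injection surface.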
CVE-2026-46519: mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-
mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS...