CVE ID :CVE-2026-48814 Published : June 17, 2026, 7:42 p.m. | 5 hours, 26 minutes ago Description :Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin MCP tool invocation due to an empty default...

#Sicherheitslücke #Update

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-48814 - Network-AI: Empty default secret still authorizes all requests (Incomplete fix for CVE-2026-46701)

VERWANDTEARTIKEL

Microsoft Confirms Defender RoguePlanet 0-Day Exploit and Working to Release Patch

CVE-2026-12569 - Remote Code Execution (RCE) vulnerability in Windchill PDMlink

CVE-2026-53676 - ThingsBoard Prototype Pollution

CVE-2026-12530 - Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

CVE-2026-50194 - Steeltoe vulnerable to management-port isolation bypass via spoofed Host header

CVE-2026-48989 - Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS