CVE-2026-49471 - Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE
CVE ID :CVE-2026-49471 Published : July 7, 2026, 9:17 p.m. | 1 hour, 57 minutes ago Description :Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a...