Unauthenticated Access to @andrea9293/mcp-documentation-server Web UI/API
The `@andrea9293/mcp-documentation-server` version 1.13.0 defaults to binding its Web UI/API to all network interfaces (0.0.0.0:3080) and lacks authentication for its document-management endpoints, enabling any network-reachable attacker to perform unauthorized operations such as reading, searching, adding, and deleting documents, potentially corrupting the user's knowledge base.
The @andrea9293/mcp-documentation-server version 1.13.0 contains a critical vulnerability, tracked as CVE-2026-54504, where its Web UI and API bind to all network interfaces (0.0.0.0:3080) by default without requiring any authentication for document management endpoints. This configuration flaw exposes sensitive document operations - including reading, searching, adding, and deleting documents - to any client on the same local area network (LAN), virtual machine network, or container bridge. This issue is not the existence of a Web UI but its default unsafe exposure, allowing uncredentialed access to an application that could contain private or sensitive data. The vulnerability was published on July 15, 2026, and affects users running the server on various platforms such as laptops, workstations, or VMs connected to shared networks. This could lead to data exposure, tampering, or destruction of the user's local knowledge base.
Attack Chain
- Network Discovery: An attacker scans local networks (LAN, VM networks, Docker bridges) for open ports, specifically identifying systems listening on port
3080/TCP. - Service Identification: Upon finding an open port
3080/TCP, the attacker sends a benign HTTP GET request to a known public endpoint like/api/configto confirm that the@andrea9293/mcp-documentation-serverWeb UI/API is running and network-accessible. - Unauthenticated Access: The attacker attempts to interact with document management API endpoints (e.g.,
/api/documents,/api/search-all) without providing any authentication credentials (e.g., noAuthorizationheader). - Information Disclosure: The attacker sends unauthenticated HTTP GET requests to
/api/documentsand/api/documents/:idto enumerate and read the content of stored documents. - Data Manipulation: The attacker sends unauthenticated HTTP POST requests to
/api/documentsto insert new, attacker-controlled documents into the server's corpus. - Corpus Search: The attacker leverages the unauthenticated
/api/search-allendpoint with specific queries to search across the entire document corpus, potentially extracting sensitive information. - Data Destruction: The attacker sends unauthenticated HTTP DELETE requests to
/api/documents/:idto delete existing documents from the server. - Impact on Knowledge Base: Through these actions, the attacker can read, add, modify, or delete documents, effectively tampering with or destroying the user's local knowledge base used by the MCP assistant.
Impact
The described vulnerability allows a network-reachable attacker to gain full administrative access to the document management API without any credentials. This can lead to significant impact depending on the nature of the data stored in the documentation server. Attackers can read sensitive document titles, previews, and full contents, search the entire corpus for specific information, insert malicious or misleading documents, and delete existing documents. This could result in information disclosure, data integrity compromise, and data loss. Users running the MCP server on shared networks, virtual machines, or local development environments are particularly vulnerable, as an attacker on the same network segment can exploit this flaw to corrupt or exfiltrate the user's local knowledge base.
Recommendation
- Deploy the Sigma rule to detect suspicious API access: Deploy the
Detect Unauthenticated Access to MCP Documentation Server APIrule to your SIEM to alert on any non-localhost access to the sensitive API endpoints (/api/documents,/api/search-all,/api/config) on port 3080. - Monitor webserver logs: Monitor
webserverlogs for HTTP requests to/api/documents,/api/search-all, and/api/configoriginating from non-localhost IP addresses, particularly on port 3080. - Implement network segmentation: Restrict network access to port 3080 on hosts running the
@andrea9293/mcp-documentation-serverto only trusted internal IP addresses orlocalhostas described in CVE-2026-54504. - Apply vendor patches: Refer to the advisory at
https://github.com/advisories/GHSA-6f5r-5672-72j7for any future patches or configuration guidance from the vendor to bind the service to127.0.0.1by default or enable authentication.
Detection coverage 1
Detect Unauthenticated Access to MCP Documentation Server API
highDetects CVE-2026-54504 exploitation - unauthenticated network access to sensitive API endpoints of the @andrea9293/mcp-documentation-server. This indicates a network-reachable attacker interacting with the server without credentials.
Detection queries are available on the platform. Get full rules →