Product
camofox-mcp exposed an unauthenticated HTTP MCP endpoint, allowing remote clients to invoke browser-control tools without authentication, potentially leading to unauthorized browser automation and data access.