Tag
Network-AI is vulnerable to an unauthenticated cross-origin attack due to an empty default secret and permissive CORS configuration, allowing an attacker to lure a user to a malicious web page and invoke MCP tools like config_set, agent_spawn, and blackboard_write against a default-configured localhost server.