{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/default-misconfiguration/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["@andrea9293/mcp-documentation-server"],"_cs_severities":["high"],"_cs_tags":["vulnerability","web","api","node.js","default-misconfiguration","unauthenticated-access"],"_cs_type":"advisory","_cs_vendors":["andrea9293"],"content_html":"\u003cp\u003eThe \u003ccode\u003e@andrea9293/mcp-documentation-server\u003c/code\u003e version 1.13.0 contains a critical vulnerability, tracked as CVE-2026-54504, where its Web UI and API bind to all network interfaces (\u003ccode\u003e0.0.0.0:3080\u003c/code\u003e) by default without requiring any authentication for document management endpoints. This configuration flaw exposes sensitive document operations - including reading, searching, adding, and deleting documents - to any client on the same local area network (LAN), virtual machine network, or container bridge. This issue is not the existence of a Web UI but its default unsafe exposure, allowing uncredentialed access to an application that could contain private or sensitive data. The vulnerability was published on July 15, 2026, and affects users running the server on various platforms such as laptops, workstations, or VMs connected to shared networks. This could lead to data exposure, tampering, or destruction of the user's local knowledge base.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eNetwork Discovery\u003c/strong\u003e: An attacker scans local networks (LAN, VM networks, Docker bridges) for open ports, specifically identifying systems listening on port \u003ccode\u003e3080/TCP\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eService Identification\u003c/strong\u003e: Upon finding an open port \u003ccode\u003e3080/TCP\u003c/code\u003e, the attacker sends a benign HTTP GET request to a known public endpoint like \u003ccode\u003e/api/config\u003c/code\u003e to confirm that the \u003ccode\u003e@andrea9293/mcp-documentation-server\u003c/code\u003e Web UI/API is running and network-accessible.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUnauthenticated Access\u003c/strong\u003e: The attacker attempts to interact with document management API endpoints (e.g., \u003ccode\u003e/api/documents\u003c/code\u003e, \u003ccode\u003e/api/search-all\u003c/code\u003e) without providing any authentication credentials (e.g., no \u003ccode\u003eAuthorization\u003c/code\u003e header).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInformation Disclosure\u003c/strong\u003e: The attacker sends unauthenticated HTTP GET requests to \u003ccode\u003e/api/documents\u003c/code\u003e and \u003ccode\u003e/api/documents/:id\u003c/code\u003e to enumerate and read the content of stored documents.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Manipulation\u003c/strong\u003e: The attacker sends unauthenticated HTTP POST requests to \u003ccode\u003e/api/documents\u003c/code\u003e to insert new, attacker-controlled documents into the server's corpus.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCorpus Search\u003c/strong\u003e: The attacker leverages the unauthenticated \u003ccode\u003e/api/search-all\u003c/code\u003e endpoint with specific queries to search across the entire document corpus, potentially extracting sensitive information.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Destruction\u003c/strong\u003e: The attacker sends unauthenticated HTTP DELETE requests to \u003ccode\u003e/api/documents/:id\u003c/code\u003e to delete existing documents from the server.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact on Knowledge Base\u003c/strong\u003e: Through these actions, the attacker can read, add, modify, or delete documents, effectively tampering with or destroying the user's local knowledge base used by the MCP assistant.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe described vulnerability allows a network-reachable attacker to gain full administrative access to the document management API without any credentials. This can lead to significant impact depending on the nature of the data stored in the documentation server. Attackers can read sensitive document titles, previews, and full contents, search the entire corpus for specific information, insert malicious or misleading documents, and delete existing documents. This could result in information disclosure, data integrity compromise, and data loss. Users running the MCP server on shared networks, virtual machines, or local development environments are particularly vulnerable, as an attacker on the same network segment can exploit this flaw to corrupt or exfiltrate the user's local knowledge base.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeploy the Sigma rule to detect suspicious API access\u003c/strong\u003e: Deploy the \u003ccode\u003eDetect Unauthenticated Access to MCP Documentation Server API\u003c/code\u003e rule to your SIEM to alert on any non-localhost access to the sensitive API endpoints (\u003ccode\u003e/api/documents\u003c/code\u003e, \u003ccode\u003e/api/search-all\u003c/code\u003e, \u003ccode\u003e/api/config\u003c/code\u003e) on port 3080.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMonitor webserver logs\u003c/strong\u003e: Monitor \u003ccode\u003ewebserver\u003c/code\u003e logs for HTTP requests to \u003ccode\u003e/api/documents\u003c/code\u003e, \u003ccode\u003e/api/search-all\u003c/code\u003e, and \u003ccode\u003e/api/config\u003c/code\u003e originating from non-localhost IP addresses, particularly on port 3080.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImplement network segmentation\u003c/strong\u003e: Restrict network access to port 3080 on hosts running the \u003ccode\u003e@andrea9293/mcp-documentation-server\u003c/code\u003e to only trusted internal IP addresses or \u003ccode\u003elocalhost\u003c/code\u003e as described in CVE-2026-54504.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eApply vendor patches\u003c/strong\u003e: Refer to the advisory at \u003ccode\u003ehttps://github.com/advisories/GHSA-6f5r-5672-72j7\u003c/code\u003e for any future patches or configuration guidance from the vendor to bind the service to \u003ccode\u003e127.0.0.1\u003c/code\u003e by default or enable authentication.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-15T23:28:08Z","date_published":"2026-07-15T23:28:08Z","id":"https://feed.craftedsignal.io/briefs/2026-07-unauth-mcp-documentation-server/","summary":"The `@andrea9293/mcp-documentation-server` version 1.13.0 defaults to binding its Web UI/API to all network interfaces (0.0.0.0:3080) and lacks authentication for its document-management endpoints, enabling any network-reachable attacker to perform unauthorized operations such as reading, searching, adding, and deleting documents, potentially corrupting the user's knowledge base.","title":"Unauthenticated Access to @andrea9293/mcp-documentation-server Web UI/API","url":"https://feed.craftedsignal.io/briefs/2026-07-unauth-mcp-documentation-server/"}],"language":"en","title":"CraftedSignal Threat Feed - Default-Misconfiguration","version":"https://jsonfeed.org/version/1.1"}