Tag
The @grackle-ai/mcp package has a workspace authorization bypass vulnerability in its knowledge_search MCP tool that allows scoped agents to bypass workspace isolation and access knowledge graph nodes from other workspaces, leading to cross-workspace data leakage.