Vendor
The `@andrea9293/mcp-documentation-server` version 1.13.0 defaults to binding its Web UI/API to all network interfaces (0.0.0.0:3080) and lacks authentication for its document-management endpoints, enabling any network-reachable attacker to perform unauthorized operations such as reading, searching, adding, and deleting documents, potentially corrupting the user's knowledge base.