<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Andrea9293 - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/vendors/andrea9293/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 15 Jul 2026 23:28:08 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/vendors/andrea9293/feed.xml" rel="self" type="application/rss+xml"/><item><title>Unauthenticated Access to @andrea9293/mcp-documentation-server Web UI/API</title><link>https://feed.craftedsignal.io/briefs/2026-07-unauth-mcp-documentation-server/</link><pubDate>Wed, 15 Jul 2026 23:28:08 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-unauth-mcp-documentation-server/</guid><description>The `@andrea9293/mcp-documentation-server` version 1.13.0 defaults to binding its Web UI/API to all network interfaces (0.0.0.0:3080) and lacks authentication for its document-management endpoints, enabling any network-reachable attacker to perform unauthorized operations such as reading, searching, adding, and deleting documents, potentially corrupting the user's knowledge base.</description><content:encoded><![CDATA[<p>The <code>@andrea9293/mcp-documentation-server</code> version 1.13.0 contains a critical vulnerability, tracked as CVE-2026-54504, where its Web UI and API bind to all network interfaces (<code>0.0.0.0:3080</code>) by default without requiring any authentication for document management endpoints. This configuration flaw exposes sensitive document operations - including reading, searching, adding, and deleting documents - to any client on the same local area network (LAN), virtual machine network, or container bridge. This issue is not the existence of a Web UI but its default unsafe exposure, allowing uncredentialed access to an application that could contain private or sensitive data. The vulnerability was published on July 15, 2026, and affects users running the server on various platforms such as laptops, workstations, or VMs connected to shared networks. This could lead to data exposure, tampering, or destruction of the user's local knowledge base.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Network Discovery</strong>: An attacker scans local networks (LAN, VM networks, Docker bridges) for open ports, specifically identifying systems listening on port <code>3080/TCP</code>.</li>
<li><strong>Service Identification</strong>: Upon finding an open port <code>3080/TCP</code>, the attacker sends a benign HTTP GET request to a known public endpoint like <code>/api/config</code> to confirm that the <code>@andrea9293/mcp-documentation-server</code> Web UI/API is running and network-accessible.</li>
<li><strong>Unauthenticated Access</strong>: The attacker attempts to interact with document management API endpoints (e.g., <code>/api/documents</code>, <code>/api/search-all</code>) without providing any authentication credentials (e.g., no <code>Authorization</code> header).</li>
<li><strong>Information Disclosure</strong>: The attacker sends unauthenticated HTTP GET requests to <code>/api/documents</code> and <code>/api/documents/:id</code> to enumerate and read the content of stored documents.</li>
<li><strong>Data Manipulation</strong>: The attacker sends unauthenticated HTTP POST requests to <code>/api/documents</code> to insert new, attacker-controlled documents into the server's corpus.</li>
<li><strong>Corpus Search</strong>: The attacker leverages the unauthenticated <code>/api/search-all</code> endpoint with specific queries to search across the entire document corpus, potentially extracting sensitive information.</li>
<li><strong>Data Destruction</strong>: The attacker sends unauthenticated HTTP DELETE requests to <code>/api/documents/:id</code> to delete existing documents from the server.</li>
<li><strong>Impact on Knowledge Base</strong>: Through these actions, the attacker can read, add, modify, or delete documents, effectively tampering with or destroying the user's local knowledge base used by the MCP assistant.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The described vulnerability allows a network-reachable attacker to gain full administrative access to the document management API without any credentials. This can lead to significant impact depending on the nature of the data stored in the documentation server. Attackers can read sensitive document titles, previews, and full contents, search the entire corpus for specific information, insert malicious or misleading documents, and delete existing documents. This could result in information disclosure, data integrity compromise, and data loss. Users running the MCP server on shared networks, virtual machines, or local development environments are particularly vulnerable, as an attacker on the same network segment can exploit this flaw to corrupt or exfiltrate the user's local knowledge base.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li><strong>Deploy the Sigma rule to detect suspicious API access</strong>: Deploy the <code>Detect Unauthenticated Access to MCP Documentation Server API</code> rule to your SIEM to alert on any non-localhost access to the sensitive API endpoints (<code>/api/documents</code>, <code>/api/search-all</code>, <code>/api/config</code>) on port 3080.</li>
<li><strong>Monitor webserver logs</strong>: Monitor <code>webserver</code> logs for HTTP requests to <code>/api/documents</code>, <code>/api/search-all</code>, and <code>/api/config</code> originating from non-localhost IP addresses, particularly on port 3080.</li>
<li><strong>Implement network segmentation</strong>: Restrict network access to port 3080 on hosts running the <code>@andrea9293/mcp-documentation-server</code> to only trusted internal IP addresses or <code>localhost</code> as described in CVE-2026-54504.</li>
<li><strong>Apply vendor patches</strong>: Refer to the advisory at <code>https://github.com/advisories/GHSA-6f5r-5672-72j7</code> for any future patches or configuration guidance from the vendor to bind the service to <code>127.0.0.1</code> by default or enable authentication.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>web</category><category>api</category><category>node.js</category><category>default-misconfiguration</category><category>unauthenticated-access</category></item></channel></rss>