{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/netlicensing/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["netlicensing-mcp (0.1.5)"],"_cs_severities":["high"],"_cs_tags":["web-vulnerability","missing-authentication","api-security","supply-chain","http"],"_cs_type":"advisory","_cs_vendors":["NetLicensing"],"content_html":"\u003cp\u003eNetLicensing-MCP, an open-source tool designed for managing NetLicensing accounts, contains a critical vulnerability (CVSS 8.1) when deployed in HTTP transport mode, specifically affecting version 0.1.5 and earlier. The \u003ccode\u003eApiKeyMiddleware\u003c/code\u003e fails to properly enforce authentication for incoming HTTP requests that lack a client API key. Instead of rejecting such unauthenticated requests, the application inadvertently proceeds, falling back to using the server operator's \u003ccode\u003eNETLICENSING_API_KEY\u003c/code\u003e environment variable for all subsequent upstream calls to the NetLicensing REST API. This flaw allows any unauthenticated network attacker to invoke any MCP tool functions, including product listing, license creation, modification, and destructive delete operations, entirely under the server operator's identity and account quota. Identified as a Missing Authentication for Critical Function (CWE-306), this vulnerability primarily impacts organizations running \u003ccode\u003enetlicensing-mcp\u003c/code\u003e on network-reachable interfaces with the \u003ccode\u003eNETLICENSING_API_KEY\u003c/code\u003e configured as per official documentation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated network attacker sends an HTTP request to the \u003ccode\u003enetlicensing-mcp\u003c/code\u003e \u003ccode\u003e/mcp\u003c/code\u003e endpoint, intentionally omitting any \u003ccode\u003ex-netlicensing-api-key\u003c/code\u003e header or \u003ccode\u003eapikey\u003c/code\u003e query parameter.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eApiKeyMiddleware\u003c/code\u003e in \u003ccode\u003esrc/netlicensing_mcp/server.py\u003c/code\u003e attempts to extract an API key from the incoming request.\u003c/li\u003e\n\u003cli\u003eBecause no client key is provided by the attacker, the middleware fails to find one and unconditionally forwards the unauthenticated request to the next handler (\u003ccode\u003ecall_next(request)\u003c/code\u003e at \u003ccode\u003eserver.py:1427\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe downstream MCP client module (\u003ccode\u003esrc/netlicensing_mcp/client.py\u003c/code\u003e) is invoked and attempts to obtain an API key for making upstream calls to the NetLicensing REST API.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eapi_key_ctx\u003c/code\u003e ContextVar in \u003ccode\u003eclient.py\u003c/code\u003e defaults to \u003ccode\u003eos.getenv(\u0026quot;NETLICENSING_API_KEY\u0026quot;, \u0026quot;\u0026quot;)\u003c/code\u003e (at \u003ccode\u003eclient.py:30\u003c/code\u003e), retrieving the server operator's confidential API key from the environment.\u003c/li\u003e\n\u003cli\u003eThe MCP client proceeds to construct an \u003ccode\u003eAuthorization: Basic\u003c/code\u003e header using the server operator's retrieved API key (\u003ccode\u003eclient.py:62 - 70\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe MCP client then makes an upstream HTTP request to the NetLicensing REST API (e.g., to \u003ccode\u003e/core/v2/rest/product\u003c/code\u003e) using the operator's credentials (\u003ccode\u003eclient.py:105, 109\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe upstream NetLicensing API processes the request as if it originated from the legitimate server operator, granting the attacker full control over the operator's account via the MCP tools.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability, categorized as Missing Authentication for Critical Function (CWE-306), allows any network-reachable attacker to invoke the full set of MCP tools without authentication. Attackers can execute read, create, update, and delete operations, with their requests transparently executed under the server operator's NetLicensing account. This leads to:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eConfidentiality\u003c/strong\u003e: Unauthorized enumeration of all products, licenses, licensees, and transactions linked to the operator's account.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eIntegrity\u003c/strong\u003e: Unauthorized creation of new licenses or licensees, modification of existing license parameters, and forging of token-based validations.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAvailability\u003c/strong\u003e: Potential for bulk deletion of products, licenses, or licensees, which could severely disrupt or destroy the operator's entire licensing configuration.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThe vulnerability specifically impacts operators who deploy \u003ccode\u003enetlicensing-mcp\u003c/code\u003e in HTTP transport mode (\u003ccode\u003epython3 -m netlicensing_mcp.server http\u003c/code\u003e) with the \u003ccode\u003eNETLICENSING_API_KEY\u003c/code\u003e configured as a server-side environment variable and expose the service on a network-reachable interface. This deployment pattern is officially documented in the project README for remote and cloud deployments.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade \u003ccode\u003enetlicensing-mcp\u003c/code\u003e to a patched version (newer than 0.1.5) immediately to address the vulnerability in \u003ccode\u003esrc/netlicensing_mcp/server.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eApply the suggested patch from the advisory to \u003ccode\u003esrc/netlicensing_mcp/server.py\u003c/code\u003e to correctly reject unauthenticated requests to the \u003ccode\u003e/mcp\u003c/code\u003e endpoint if an upgrade is not immediately feasible.\u003c/li\u003e\n\u003cli\u003eReview server configurations to ensure that the \u003ccode\u003enetlicensing-mcp\u003c/code\u003e service, particularly the vulnerable \u003ccode\u003e/mcp\u003c/code\u003e endpoint (IOC: \u003ccode\u003e/mcp\u003c/code\u003e), is not exposed on network-reachable interfaces when operating in HTTP mode with the \u003ccode\u003eNETLICENSING_API_KEY\u003c/code\u003e environment variable set.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to block HTTP requests directed at the \u003ccode\u003e/mcp\u003c/code\u003e endpoint (IOC: \u003ccode\u003e/mcp\u003c/code\u003e) that do not contain an \u003ccode\u003ex-netlicensing-api-key\u003c/code\u003e header or \u003ccode\u003eapikey\u003c/code\u003e query parameter, effectively mimicking the behavior of a patched \u003ccode\u003eApiKeyMiddleware\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor web server access logs for HTTP requests targeting the \u003ccode\u003e/mcp\u003c/code\u003e endpoint (IOC: \u003ccode\u003e/mcp\u003c/code\u003e) that lack explicit API key authentication, as this may indicate attempted exploitation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-14T20:49:28Z","date_published":"2026-07-14T20:49:28Z","id":"https://feed.craftedsignal.io/briefs/2026-07-netlicensing-mcp-unauth-api-key/","summary":"An unauthenticated vulnerability exists in netlicensing-mcp (version 0.1.5 and earlier) when operating in HTTP transport mode, where the ApiKeyMiddleware fails to enforce authentication for requests lacking a client API key, causing the application to fall back to the server's NETLICENSING_API_KEY environment variable for upstream calls, allowing an unauthenticated network attacker to invoke any MCP tool under the server operator's identity and account quota.","title":"Unauthenticated API Key Use in NetLicensing-MCP HTTP Mode","url":"https://feed.craftedsignal.io/briefs/2026-07-netlicensing-mcp-unauth-api-key/"}],"language":"en","title":"CraftedSignal Threat Feed - NetLicensing","version":"https://jsonfeed.org/version/1.1"}