<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>NetLicensing - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/vendors/netlicensing/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 14 Jul 2026 20:49:28 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/vendors/netlicensing/feed.xml" rel="self" type="application/rss+xml"/><item><title>Unauthenticated API Key Use in NetLicensing-MCP HTTP Mode</title><link>https://feed.craftedsignal.io/briefs/2026-07-netlicensing-mcp-unauth-api-key/</link><pubDate>Tue, 14 Jul 2026 20:49:28 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-netlicensing-mcp-unauth-api-key/</guid><description>An unauthenticated vulnerability exists in netlicensing-mcp (version 0.1.5 and earlier) when operating in HTTP transport mode, where the ApiKeyMiddleware fails to enforce authentication for requests lacking a client API key, causing the application to fall back to the server's NETLICENSING_API_KEY environment variable for upstream calls, allowing an unauthenticated network attacker to invoke any MCP tool under the server operator's identity and account quota.</description><content:encoded><![CDATA[<p>NetLicensing-MCP, an open-source tool designed for managing NetLicensing accounts, contains a critical vulnerability (CVSS 8.1) when deployed in HTTP transport mode, specifically affecting version 0.1.5 and earlier. The <code>ApiKeyMiddleware</code> fails to properly enforce authentication for incoming HTTP requests that lack a client API key. Instead of rejecting such unauthenticated requests, the application inadvertently proceeds, falling back to using the server operator's <code>NETLICENSING_API_KEY</code> environment variable for all subsequent upstream calls to the NetLicensing REST API. This flaw allows any unauthenticated network attacker to invoke any MCP tool functions, including product listing, license creation, modification, and destructive delete operations, entirely under the server operator's identity and account quota. Identified as a Missing Authentication for Critical Function (CWE-306), this vulnerability primarily impacts organizations running <code>netlicensing-mcp</code> on network-reachable interfaces with the <code>NETLICENSING_API_KEY</code> configured as per official documentation.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated network attacker sends an HTTP request to the <code>netlicensing-mcp</code> <code>/mcp</code> endpoint, intentionally omitting any <code>x-netlicensing-api-key</code> header or <code>apikey</code> query parameter.</li>
<li>The <code>ApiKeyMiddleware</code> in <code>src/netlicensing_mcp/server.py</code> attempts to extract an API key from the incoming request.</li>
<li>Because no client key is provided by the attacker, the middleware fails to find one and unconditionally forwards the unauthenticated request to the next handler (<code>call_next(request)</code> at <code>server.py:1427</code>).</li>
<li>The downstream MCP client module (<code>src/netlicensing_mcp/client.py</code>) is invoked and attempts to obtain an API key for making upstream calls to the NetLicensing REST API.</li>
<li>The <code>api_key_ctx</code> ContextVar in <code>client.py</code> defaults to <code>os.getenv(&quot;NETLICENSING_API_KEY&quot;, &quot;&quot;)</code> (at <code>client.py:30</code>), retrieving the server operator's confidential API key from the environment.</li>
<li>The MCP client proceeds to construct an <code>Authorization: Basic</code> header using the server operator's retrieved API key (<code>client.py:62 - 70</code>).</li>
<li>The MCP client then makes an upstream HTTP request to the NetLicensing REST API (e.g., to <code>/core/v2/rest/product</code>) using the operator's credentials (<code>client.py:105, 109</code>).</li>
<li>The upstream NetLicensing API processes the request as if it originated from the legitimate server operator, granting the attacker full control over the operator's account via the MCP tools.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>This vulnerability, categorized as Missing Authentication for Critical Function (CWE-306), allows any network-reachable attacker to invoke the full set of MCP tools without authentication. Attackers can execute read, create, update, and delete operations, with their requests transparently executed under the server operator's NetLicensing account. This leads to:</p>
<ul>
<li><strong>Confidentiality</strong>: Unauthorized enumeration of all products, licenses, licensees, and transactions linked to the operator's account.</li>
<li><strong>Integrity</strong>: Unauthorized creation of new licenses or licensees, modification of existing license parameters, and forging of token-based validations.</li>
<li><strong>Availability</strong>: Potential for bulk deletion of products, licenses, or licensees, which could severely disrupt or destroy the operator's entire licensing configuration.</li>
</ul>
<p>The vulnerability specifically impacts operators who deploy <code>netlicensing-mcp</code> in HTTP transport mode (<code>python3 -m netlicensing_mcp.server http</code>) with the <code>NETLICENSING_API_KEY</code> configured as a server-side environment variable and expose the service on a network-reachable interface. This deployment pattern is officially documented in the project README for remote and cloud deployments.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade <code>netlicensing-mcp</code> to a patched version (newer than 0.1.5) immediately to address the vulnerability in <code>src/netlicensing_mcp/server.py</code>.</li>
<li>Apply the suggested patch from the advisory to <code>src/netlicensing_mcp/server.py</code> to correctly reject unauthenticated requests to the <code>/mcp</code> endpoint if an upgrade is not immediately feasible.</li>
<li>Review server configurations to ensure that the <code>netlicensing-mcp</code> service, particularly the vulnerable <code>/mcp</code> endpoint (IOC: <code>/mcp</code>), is not exposed on network-reachable interfaces when operating in HTTP mode with the <code>NETLICENSING_API_KEY</code> environment variable set.</li>
<li>Implement web application firewall (WAF) rules to block HTTP requests directed at the <code>/mcp</code> endpoint (IOC: <code>/mcp</code>) that do not contain an <code>x-netlicensing-api-key</code> header or <code>apikey</code> query parameter, effectively mimicking the behavior of a patched <code>ApiKeyMiddleware</code>.</li>
<li>Monitor web server access logs for HTTP requests targeting the <code>/mcp</code> endpoint (IOC: <code>/mcp</code>) that lack explicit API key authentication, as this may indicate attempted exploitation.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>web-vulnerability</category><category>missing-authentication</category><category>api-security</category><category>supply-chain</category><category>http</category></item></channel></rss>