https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 25 Jun 2026 03:59:05 +0000 https://vulnerability.circl.lu/sighting/ff7c4f61-067d-4e10-991e-23f57bdfc8a3/export {"uuid": "ff7c4f61-067d-4e10-991e-23f57bdfc8a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4881", "type": "seen", "source": "https://gist.github.com/Neclode/e868c6230e0f67710aaf558313f9fa67", "content": "# CVE-2026-4881 \u2014 Kubernetes Kubelet Certificate Rotation Race Condition\n\n**CVSS 8.1 (HIGH)** | Published April 28, 2026 | Updated May 15, 2026\n\n## Summary\n\nA race condition in kubelet TLS certificate rotation affects Kubernetes versions 1.28 through 1.31. During the approximately 90-second certificate renewal window, an adjacent network attacker can intercept kubelet API traffic via MitM.\n\n## Affected Versions\n\n| Version | Status |\n|---------|--------|\n| v1.28.x | Affected |\n| v1.29.x | Affected |\n| v1.30.x | Affected |\n| v1.31.x | Affected |\n| v1.32.0+ | Fixed |\n\n## Details\n\nThe kubelet certificate rotation mechanism contains a time-of-check to time-of-use (TOCTOU) flaw. When the kubelet requests a new serving certificate from the cluster CA, there is a window where the old certificate has been marked for rotation but the new certificate has not yet been installed. During this window, the kubelet falls back to a self-signed bootstrap certificate that does not chain to the cluster CA.\n\nAn attacker on the same network segment can exploit this window to present their own certificate and intercept API server to kubelet communications, including exec, logs, and port-forward requests.\n\n## Mitigation\n\n- Upgrade to Kubernetes v1.32.0 or later\n- Enable mutual TLS verification on all kubelet communications\n- Monitor for certificate rotation anomalies using audit logging\n\n## Full Advisory\n\nFull technical details, proof of concept, and timeline available at:\n\n**https://cloudsec-research.org/advisories/k8s-2026-04-rotation**\n\n## References\n\n- Advisory ID: CSRG-2026-0428\n- Tracking: KSRC-2026-04-ROTATION\n- CWE: CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization)\n- CloudSec Research Group: https://cloudsec-research.org\n\n---\n*Published by CloudSec Research Group under coordinated disclosure.*\n", "creation_timestamp": "2026-05-18T23:56:50.000000Z"} {"uuid": "ff7c4f61-067d-4e10-991e-23f57bdfc8a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4881", "type": "seen", "source": "https://gist.github.com/Neclode/e868c6230e0f67710aaf558313f9fa67", "content": "# CVE-2026-4881 \u2014 Kubernetes Kubelet Certificate Rotation Race Condition\n\n**CVSS 8.1 (HIGH)** | Published April 28, 2026 | Updated May 15, 2026\n\n## Summary\n\nA race condition in kubelet TLS certificate rotation affects Kubernetes versions 1.28 through 1.31. During the approximately 90-second certificate renewal window, an adjacent network attacker can intercept kubelet API traffic via MitM.\n\n## Affected Versions\n\n| Version | Status |\n|---------|--------|\n| v1.28.x | Affected |\n| v1.29.x | Affected |\n| v1.30.x | Affected |\n| v1.31.x | Affected |\n| v1.32.0+ | Fixed |\n\n## Details\n\nThe kubelet certificate rotation mechanism contains a time-of-check to time-of-use (TOCTOU) flaw. When the kubelet requests a new serving certificate from the cluster CA, there is a window where the old certificate has been marked for rotation but the new certificate has not yet been installed. During this window, the kubelet falls back to a self-signed bootstrap certificate that does not chain to the cluster CA.\n\nAn attacker on the same network segment can exploit this window to present their own certificate and intercept API server to kubelet communications, including exec, logs, and port-forward requests.\n\n## Mitigation\n\n- Upgrade to Kubernetes v1.32.0 or later\n- Enable mutual TLS verification on all kubelet communications\n- Monitor for certificate rotation anomalies using audit logging\n\n## Full Advisory\n\nFull technical details, proof of concept, and timeline available at:\n\n**https://cloudsec-research.org/advisories/k8s-2026-04-rotation**\n\n## References\n\n- Advisory ID: CSRG-2026-0428\n- Tracking: KSRC-2026-04-ROTATION\n- CWE: CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization)\n- CloudSec Research Group: https://cloudsec-research.org\n\n---\n*Published by CloudSec Research Group under coordinated disclosure.*\n", "creation_timestamp": "2026-05-18T23:56:50.000000Z"} https://vulnerability.circl.lu/sighting/ff7c4f61-067d-4e10-991e-23f57bdfc8a3/export Mon, 18 May 2026 23:56:50 +0000 https://vulnerability.circl.lu/sighting/67d21ec3-55ba-40e0-8c14-573b4c6c77ea/export {"uuid": "67d21ec3-55ba-40e0-8c14-573b4c6c77ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48810", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmzjls6xuq2q", "content": "CVE-2026-48810 - FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check\nCVE ID : CVE-2026-48810\n \n Published : May 29, 2026, 8:16 p.m. | 15\u00a0minutes ago\n \n Description : FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1...", "creation_timestamp": "2026-05-29T21:54:28.143354Z"} {"uuid": "67d21ec3-55ba-40e0-8c14-573b4c6c77ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48810", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmzjls6xuq2q", "content": "CVE-2026-48810 - FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check\nCVE ID : CVE-2026-48810\n \n Published : May 29, 2026, 8:16 p.m. | 15\u00a0minutes ago\n \n Description : FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1...", "creation_timestamp": "2026-05-29T21:54:28.143354Z"} https://vulnerability.circl.lu/sighting/67d21ec3-55ba-40e0-8c14-573b4c6c77ea/export Fri, 29 May 2026 21:54:28 +0000 https://vulnerability.circl.lu/sighting/321e0508-35df-42a1-b530-31d9ec38bb54/export {"uuid": "321e0508-35df-42a1-b530-31d9ec38bb54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48811", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmzk5vpbtf27", "content": "CVE-2026-48811 - FreeScout: Thread Deletion Bypasses Mailbox Access Revocation\nCVE ID : CVE-2026-48811\n \n Published : May 29, 2026, 8:16 p.m. | 15\u00a0minutes ago\n \n Description : FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, ...", "creation_timestamp": "2026-05-29T22:04:36.119200Z"} {"uuid": "321e0508-35df-42a1-b530-31d9ec38bb54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48811", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmzk5vpbtf27", "content": "CVE-2026-48811 - FreeScout: Thread Deletion Bypasses Mailbox Access Revocation\nCVE ID : CVE-2026-48811\n \n Published : May 29, 2026, 8:16 p.m. | 15\u00a0minutes ago\n \n Description : FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, ...", "creation_timestamp": "2026-05-29T22:04:36.119200Z"} https://vulnerability.circl.lu/sighting/321e0508-35df-42a1-b530-31d9ec38bb54/export Fri, 29 May 2026 22:04:36 +0000 https://vulnerability.circl.lu/sighting/199c2c60-44b2-4277-a129-731e022f1fd3/export {"uuid": "199c2c60-44b2-4277-a129-731e022f1fd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4881", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnhhnymzsy2x", "content": "CVE-2026-4881 - Octopus Server API Unauthorized Server Level Changes\nCVE ID : CVE-2026-4881\n \n Published : June 4, 2026, 10:16 a.m. | 16\u00a0minutes ago\n \n Description : In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated u...", "creation_timestamp": "2026-06-04T10:57:10.997968Z"} {"uuid": "199c2c60-44b2-4277-a129-731e022f1fd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4881", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnhhnymzsy2x", "content": "CVE-2026-4881 - Octopus Server API Unauthorized Server Level Changes\nCVE ID : CVE-2026-4881\n \n Published : June 4, 2026, 10:16 a.m. | 16\u00a0minutes ago\n \n Description : In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated u...", "creation_timestamp": "2026-06-04T10:57:10.997968Z"} https://vulnerability.circl.lu/sighting/199c2c60-44b2-4277-a129-731e022f1fd3/export Thu, 04 Jun 2026 10:57:10 +0000 https://vulnerability.circl.lu/sighting/2d08c674-0869-4d8c-b42a-29a8dd83a7bd/export {"uuid": "2d08c674-0869-4d8c-b42a-29a8dd83a7bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48814", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moj5qnuvcd2w", "content": "CRITICAL: Jovancoding Network-AI \u22645.7.1 lets unauthenticated callers invoke all MCP tools if default secret is empty. Upgrade to 5.7.2 now. https://radar.offseq.com/threat/cve-2026-48814-cwe-306-missing-authentication-for--a37c283f4afc7554 #OffSeq #CVE202648814 #AppSec", "creation_timestamp": "2026-06-17T20:30:15.025720Z"} {"uuid": "2d08c674-0869-4d8c-b42a-29a8dd83a7bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-48814", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3moj5qnuvcd2w", "content": "CRITICAL: Jovancoding Network-AI \u22645.7.1 lets unauthenticated callers invoke all MCP tools if default secret is empty. Upgrade to 5.7.2 now. https://radar.offseq.com/threat/cve-2026-48814-cwe-306-missing-authentication-for--a37c283f4afc7554 #OffSeq #CVE202648814 #AppSec", "creation_timestamp": "2026-06-17T20:30:15.025720Z"} https://vulnerability.circl.lu/sighting/2d08c674-0869-4d8c-b42a-29a8dd83a7bd/export Wed, 17 Jun 2026 20:30:15 +0000 https://vulnerability.circl.lu/sighting/ef382c12-db62-4cd2-a9f8-0a5ceab2dc20/export {"uuid": "ef382c12-db62-4cd2-a9f8-0a5ceab2dc20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48814", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mojevvheah2c", "content": "CVE-2026-48814 - Network-AI: Empty default secret still authorizes all requests (Incomplete fix for CVE-2026-46701)\nCVE ID : CVE-2026-48814\n \n Published : June 17, 2026, 7:42 p.m. | 2\u00a0hours ago\n \n Description : Network-AI is a TypeScript/Node.js multi-agent orchestrator. In ve...", "creation_timestamp": "2026-06-17T22:38:26.114245Z"} {"uuid": "ef382c12-db62-4cd2-a9f8-0a5ceab2dc20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48814", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mojevvheah2c", "content": "CVE-2026-48814 - Network-AI: Empty default secret still authorizes all requests (Incomplete fix for CVE-2026-46701)\nCVE ID : CVE-2026-48814\n \n Published : June 17, 2026, 7:42 p.m. | 2\u00a0hours ago\n \n Description : Network-AI is a TypeScript/Node.js multi-agent orchestrator. In ve...", "creation_timestamp": "2026-06-17T22:38:26.114245Z"} https://vulnerability.circl.lu/sighting/ef382c12-db62-4cd2-a9f8-0a5ceab2dc20/export Wed, 17 Jun 2026 22:38:26 +0000 https://vulnerability.circl.lu/sighting/93cc9f72-9bfa-4306-b1ae-f8f8c6bb91b9/export {"uuid": "93cc9f72-9bfa-4306-b1ae-f8f8c6bb91b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48817", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mojh4tpt4r27", "content": "CVE-2026-48817 - Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`\nCVE ID : CVE-2026-48817\n \n Published : June 17, 2026, 7:48 p.m. | 1\u00a0hour, 54\u00a0minutes ago\n \n Description : Starlette is a lightweight ASGI framework/toolkit. In versions 1.0....", "creation_timestamp": "2026-06-17T23:18:06.377112Z"} {"uuid": "93cc9f72-9bfa-4306-b1ae-f8f8c6bb91b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48817", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mojh4tpt4r27", "content": "CVE-2026-48817 - Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`\nCVE ID : CVE-2026-48817\n \n Published : June 17, 2026, 7:48 p.m. | 1\u00a0hour, 54\u00a0minutes ago\n \n Description : Starlette is a lightweight ASGI framework/toolkit. In versions 1.0....", "creation_timestamp": "2026-06-17T23:18:06.377112Z"} https://vulnerability.circl.lu/sighting/93cc9f72-9bfa-4306-b1ae-f8f8c6bb91b9/export Wed, 17 Jun 2026 23:18:06 +0000 https://vulnerability.circl.lu/sighting/f8582823-fb68-47c6-b888-6902ce1090ac/export {"uuid": "f8582823-fb68-47c6-b888-6902ce1090ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48814", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-r78r-rwrf-rjwp", "content": "", "creation_timestamp": "2026-06-19T13:34:24.000000Z"} {"uuid": "f8582823-fb68-47c6-b888-6902ce1090ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-48814", "type": "published-proof-of-concept", "source": "https://github.com/advisories/GHSA-r78r-rwrf-rjwp", "content": "", "creation_timestamp": "2026-06-19T13:34:24.000000Z"} https://vulnerability.circl.lu/sighting/f8582823-fb68-47c6-b888-6902ce1090ac/export Fri, 19 Jun 2026 13:34:24 +0000 https://vulnerability.circl.lu/sighting/5405f18e-74af-4cbc-9a41-3175d0974776/export {"uuid": "5405f18e-74af-4cbc-9a41-3175d0974776", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48814", "type": "seen", "source": "https://gist.github.com/alon710/95012eaaac31573d3f20cff3cfbc3e84", "content": "# CVE-2026-48814: CVE-2026-48814: Missing Authentication for Critical Orchestration Tools in Network-AI McpSseServer\n\n> **CVSS Score:** 9.1\n> **Published:** 2026-06-19\n> **Full Report:** https://cvereports.com/reports/CVE-2026-48814\n\n## Summary\nCVE-2026-48814 is a critical vulnerability classified as Missing Authentication for Critical Function (CWE-306) in Network-AI, a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the Model Context Protocol (MCP) Server-Sent Events (SSE) server allows unauthenticated, cross-origin invocation of sensitive orchestration tools. This vulnerability stems from an incomplete fix for CVE-2026-46701, where library-level server class initializations still default to an insecure empty-secret configuration, allowing remote attackers or Server-Side Request Forgery (SSRF) agents to execute administrative tools.\n\n## TL;DR\nThe Network-AI library (versions <= 5.7.1) features an insecure default configuration in its MCP Server-Sent Events server component. If initialized without a secret, it permits unauthenticated remote callers to invoke any of its 22 critical orchestration tools, potentially leading to unauthorized data exposure, state mutation, and arbitrary agent spawning.\n\n## Technical Details\n\n- **CWE ID**: CWE-306 (Missing Authentication for Critical Function)\n- **Attack Vector**: Network\n- **CVSS v3.1 Score**: 9.1 (Critical)\n- **EPSS Score**: 0.00297 (~0.30% probability)\n- **Impact**: High Confidentiality, High Integrity, No Availability\n- **Exploit Status**: None (No public weaponized exploit available)\n- **KEV Status**: Not listed in CISA KEV Catalog\n\n## Affected Systems\n\n- Network-AI library environments implementing custom McpSseServer integrations\n- Node.js multi-agent orchestration backends running network-ai versions <= 5.7.1\n- **network-ai**: <= 5.7.1 (Fixed in: `5.7.2`)\n\n## Mitigation\n\n- Upgrade the network-ai dependency to version 5.7.2 or later.\n- Instantiate the McpSseServer class with a non-empty, cryptographically secure secret.\n- Restrict binding configurations to loopback addresses (127.0.0.1, localhost) instead of binding to 0.0.0.0.\n- Utilize local standard input/output (McpStdioTransport) transport channels where network binding is not strictly required.\n\n**Remediation Steps:**\n1. Run 'npm install network-ai@5.7.2' to update the library to the patched version.\n2. Audit custom integration files importing 'McpSseServer' from 'network-ai' and ensure a strong secret is passed during initialization.\n3. Ensure the server initialization code does not fail open when environment variables are missing.\n\n## References\n\n- [GitHub Security Advisory Record](https://github.com/Jovancoding/Network-AI/security/advisories/GHSA-r78r-rwrf-rjwp)\n- [GitHub Release Log v5.7.2](https://github.com/Jovancoding/Network-AI/releases/tag/v5.7.2)\n- [GitHub Advisory Database Mapping](https://github.com/advisories/GHSA-j3vx-cx2r-pvg8)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48814) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T14:11:51.000000Z"} {"uuid": "5405f18e-74af-4cbc-9a41-3175d0974776", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-48814", "type": "seen", "source": "https://gist.github.com/alon710/95012eaaac31573d3f20cff3cfbc3e84", "content": "# CVE-2026-48814: CVE-2026-48814: Missing Authentication for Critical Orchestration Tools in Network-AI McpSseServer\n\n> **CVSS Score:** 9.1\n> **Published:** 2026-06-19\n> **Full Report:** https://cvereports.com/reports/CVE-2026-48814\n\n## Summary\nCVE-2026-48814 is a critical vulnerability classified as Missing Authentication for Critical Function (CWE-306) in Network-AI, a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the Model Context Protocol (MCP) Server-Sent Events (SSE) server allows unauthenticated, cross-origin invocation of sensitive orchestration tools. This vulnerability stems from an incomplete fix for CVE-2026-46701, where library-level server class initializations still default to an insecure empty-secret configuration, allowing remote attackers or Server-Side Request Forgery (SSRF) agents to execute administrative tools.\n\n## TL;DR\nThe Network-AI library (versions <= 5.7.1) features an insecure default configuration in its MCP Server-Sent Events server component. If initialized without a secret, it permits unauthenticated remote callers to invoke any of its 22 critical orchestration tools, potentially leading to unauthorized data exposure, state mutation, and arbitrary agent spawning.\n\n## Technical Details\n\n- **CWE ID**: CWE-306 (Missing Authentication for Critical Function)\n- **Attack Vector**: Network\n- **CVSS v3.1 Score**: 9.1 (Critical)\n- **EPSS Score**: 0.00297 (~0.30% probability)\n- **Impact**: High Confidentiality, High Integrity, No Availability\n- **Exploit Status**: None (No public weaponized exploit available)\n- **KEV Status**: Not listed in CISA KEV Catalog\n\n## Affected Systems\n\n- Network-AI library environments implementing custom McpSseServer integrations\n- Node.js multi-agent orchestration backends running network-ai versions <= 5.7.1\n- **network-ai**: <= 5.7.1 (Fixed in: `5.7.2`)\n\n## Mitigation\n\n- Upgrade the network-ai dependency to version 5.7.2 or later.\n- Instantiate the McpSseServer class with a non-empty, cryptographically secure secret.\n- Restrict binding configurations to loopback addresses (127.0.0.1, localhost) instead of binding to 0.0.0.0.\n- Utilize local standard input/output (McpStdioTransport) transport channels where network binding is not strictly required.\n\n**Remediation Steps:**\n1. Run 'npm install network-ai@5.7.2' to update the library to the patched version.\n2. Audit custom integration files importing 'McpSseServer' from 'network-ai' and ensure a strong secret is passed during initialization.\n3. Ensure the server initialization code does not fail open when environment variables are missing.\n\n## References\n\n- [GitHub Security Advisory Record](https://github.com/Jovancoding/Network-AI/security/advisories/GHSA-r78r-rwrf-rjwp)\n- [GitHub Release Log v5.7.2](https://github.com/Jovancoding/Network-AI/releases/tag/v5.7.2)\n- [GitHub Advisory Database Mapping](https://github.com/advisories/GHSA-j3vx-cx2r-pvg8)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-48814) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T14:11:51.000000Z"} https://vulnerability.circl.lu/sighting/5405f18e-74af-4cbc-9a41-3175d0974776/export Fri, 19 Jun 2026 14:11:51 +0000