Skip to content

icoretech/warden-mcp

v0.1.7 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP Security & Auth
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

bitwarden mcp mcp-server model-context-protocol password-manager vaultwarden

Affected surfaces

auth rce_ssrf

Summary

AI summary

Disable env credential fallback and prevent CLI option injection by default.

Full changelog

0.1.7 (2026-03-21)

Bug Fixes

  • ci: scope GitHub Actions permissions to least privilege (6837214)
  • security: disable env credential fallback in HTTP mode by default (7c061ee)
  • security: prevent CLI option injection in send/receive commands (284ef75)

Security Fixes

  • Security hardening: disabled env credential fallback (GHSA‑xxxx) and prevented CLI option injection.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track icoretech/warden-mcp

Get notified when new releases ship.

Sign up free

About icoretech/warden-mcp

MCP server for Bitwarden and Vaultwarden vault management. Search, create, edit, and organize logins, notes, cards, identities, SSH keys, folders, collections, attachments, and Sends via the official `bw` CLI.

All releases →

Related context

Beta — feedback welcome: [email protected]