icoretech/warden-mcp

v0.1.9 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP Security & Auth

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

bitwarden mcp mcp-server model-context-protocol password-manager vaultwarden

Affected surfaces

auth

Summary

AI summary

Validate that the receive URL uses HTTPS before passing it to the bw CLI, fixing a security issue.

Full changelog

0.1.9 (2026-03-21)

Features

add NOREVEAL env var to force-disable secret reveals (034286c)

Bug Fixes

security: validate receive URL is HTTPS before passing to bw CLI (3932c5d)

Security Fixes

validate receive URL is HTTPS before passing to bw CLI — prevents insecure URL handling (no CVE ID provided)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track icoretech/warden-mcp

Get notified when new releases ship.

About icoretech/warden-mcp

MCP server for Bitwarden and Vaultwarden vault management. Search, create, edit, and organize logins, notes, cards, identities, SSH keys, folders, collections, attachments, and Sends via the official `bw` CLI.

All releases →