
Jovancoding/Network-AI

v5.4.5 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 18d MCP Developer Tools
✓ No known CVEs patched
This release patches 1 known CVE

Topics

agent-framework agent-orchestration ai-agents autogen blackboard blackboard-architecture
crewai hermes hermes-agent langchain llm mcp multi-agent nemoclaw nodejs openclaw orchestration rlm typescript workflow-engine

Affected surfaces

auth breaking_upgrade

ReleasePort's take

Moderate signal
editorial:auto 9d

The MCP SSE server now mandates a non‑empty secret and limits CORS to localhost origins, eliminating the prior unrestricted access vulnerability.

Why it matters: Security: CVE severity not provided. Enforcement triggers when no secret is supplied or the origin isn't localhost/127.0.0.1, so operators must configure a secret before upgrading.

Summary

AI summary

Security fix: MCP SSE server now requires a non‑empty secret and restricts CORS to localhost origins.

Changes in this release

Security High

Default empty secret caused unconditional authorization in MCP SSE server.

Source: granite4.1:30b@2026-05-22-audit

Confidence: low

Security Medium

Default empty secret allowed unconditional SSE access.

Source: llm_adapter@2026-05-21

Confidence: low

Security Medium

Unconditional CORS header enabled cross‑origin silent tool invocation.

Source: llm_adapter@2026-05-21

Confidence: low

Security Medium

Access-Control-Allow-Origin restricted to localhost/127.0.0.1 only.

Source: llm_adapter@2026-05-21

Confidence: low

Feature Medium

MCP server requires explicit --secret or environment variable for SSE mode.

Source: llm_adapter@2026-05-21

Confidence: high

Deprecation Medium

Empty‑string default secret no longer grants open access.

Source: llm_adapter@2026-05-21

Confidence: high

Bugfix Medium

SSE mode now hard‑exits if no secret is provided.

Source: llm_adapter@2026-05-21

Confidence: low

Full changelog

Network-AI v5.4.5 — Security fix: GHSA-j3vx-cx2r-pvg8

Severity: High (CWE-346, CVSS 7.6)
Reported by: 232-323, min8282

What was wrong

The MCP SSE server defaulted to an empty secret (process.env['NETWORK_AI_MCP_SECRET'] ?? ''), which caused _isAuthorized to return true unconditionally for every request. Combined with an unconditional Access-Control-Allow-Origin: * header, any cross-origin web page could silently invoke all 22 MCP tools (including config_set, agent_spawn, blackboard_write) against a default-configured localhost server — with no credentials required.

Fixes

  • bin/mcp-server.ts — SSE mode now hard-exits at startup if no --secret / NETWORK_AI_MCP_SECRET is provided. Empty-string default no longer allows open access.
  • lib/mcp-transport-sse.ts — Access-Control-Allow-Origin changed from unconditional * to an allowlist restricted to localhost and 127.0.0.1 origins only. Non-local origins receive no ACAO header. Vary: Origin added. Duplicate CORS block removed.
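
The fail-open check and the two fixes described above, sketched as an added example. This is not Network-AI's source: every function name is hypothetical, and the scheme check in `corsHeaders` is an assumption beyond what the changelog states.

```javascript
// Added illustration; names are hypothetical, not Network-AI's own code.
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1']);

// Pattern the advisory describes: an unset secret falls back to '' and the
// check treats "no secret configured" as "no auth needed" (fails open).
function isAuthorizedBefore(configuredSecret, presentedToken) {
  if (configuredSecret === '') return true;
  return presentedToken === configuredSecret;
}

// Startup guard: refuse to run SSE mode without a non-empty secret.
function requireSecret(value) {
  if (typeof value !== 'string' || value.trim() === '') {
    throw new Error('SSE mode requires --secret or NETWORK_AI_MCP_SECRET');
  }
  return value;
}

// Fails closed, and compares without exiting early on the first mismatch.
function isAuthorized(configuredSecret, presentedToken) {
  if (!configuredSecret || typeof presentedToken !== 'string') return false;
  let diff = configuredSecret.length ^ presentedToken.length;
  for (let i = 0; i < configuredSecret.length; i++) {
    diff |= configuredSecret.charCodeAt(i) ^ (presentedToken.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// CORS: echo the Origin only when its parsed hostname is local. Parsing the
// URL rejects look-alikes such as http://localhost.example.com.
function corsHeaders(origin) {
  const headers = { Vary: 'Origin' };
  if (!origin) return headers; // non-browser client: nothing to echo
  try {
    const u = new URL(origin);
    const schemeOk = u.protocol === 'http:' || u.protocol === 'https:'; // assumption
    if (schemeOk && LOCAL_HOSTS.has(u.hostname)) {
      headers['Access-Control-Allow-Origin'] = origin;
    }
  } catch {
    // Unparseable Origin (including the literal "null"): no ACAO header.
  }
  return headers;
}
```
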

Migration

If you run the SSE server (npx network-ai-server), you must now pass a secret:

npx network-ai-server --secret <your-token> --port 3001
# or
export NETWORK_AI_MCP_SECRET=<your-token>
npx network-ai-server --port 3001

Stdio mode (--stdio) is unaffected — no secret required for local pipe-based clients.

Stats

  • 29 test suites, 2,976 passing assertions (unchanged)
  • Zero TypeScript compile errors

Full Changelog

https://github.com/Jovancoding/Network-AI/blob/main/CHANGELOG.md

Breaking Changes

  • MCP SSE mode now hard‑exits at startup if `--secret`/`NETWORK_AI_MCP_SECRET` is not provided (empty string no longer allowed).

Security Fixes

  • GHSA-j3vx-cx2r-pvg8 — MCP SSE server defaulted to empty secret causing unconditional authorization; fixed by requiring a non‑empty secret and limiting `Access-Control-Allow-Origin` to localhost/127.0.0.1 (CWE-346, CVSS 7.6).


About Jovancoding/Network-AI

Multi-agent orchestration MCP server with race-condition-safe shared blackboard. 20+ MCP tools: blackboard read/write, agent spawn/stop, FSM transitions, budget tracking, token management, and audit log query. `npx network-ai-server --port 3001`.
