This release includes 1 security fix for security teams reviewing exposed deployments.

Published 3mo MCP Security & Auth
✓ No known CVEs patched
This release patches 1 known CVE

Topics

ai automation browser-automation claude google llm mcp model-context-protocol notebooklm research typescript

Affected surfaces

auth rce_ssrf deps

Summary

AI summary

Patched a HIGH severity cross‑client data leak (GHSA-345p-7cg4-v4c7) in MCP SDK 1.26.0.

Full changelog

Security Hardening Release

Comprehensive remediation from 4 independent code reviews (Code Quality, Performance, Sustainability, Medusa Security Scan). 23 fixes across 18 files.

Security

  • Constant-time auth — token comparison now uses secureCompare (prevents timing attacks)
  • Command injection fix — execSync() replaced with execFileSync() in file-permissions
  • MCP SDK 1.26.0 — patches HIGH severity cross-client data leak (GHSA-345p-7cg4-v4c7)
  • Audit hash chain — increased to 128-bit truncation for collision resistance
  • Settings validation — parsed JSON validated before merge (prevents property injection)
  • Error sanitization — internal identifiers removed from error messages
  • Dockerfile hardened with --no-install-recommends
  • Config validation — NOTEBOOK_PROFILE_STRATEGY validated against allowed values
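
The settings-validation and config-validation items above both come down to checking parsed JSON against an allow-list before it is merged. A sketch of that pattern follows as an added example; it is not the project's code, and the setting names, the allowed values and the `authDisabled` key are hypothetical.

```javascript
// Added example: validate parsed settings JSON before merging it into defaults.
// The schema keys and allowed values are hypothetical, not the project's own.
const SCHEMA = {
  headless: (v) => typeof v === "boolean",
  timeoutMs: (v) => Number.isInteger(v) && v >= 1000 && v <= 120000,
  profileStrategy: (v) => ["auto", "single", "isolated"].includes(v),
};
const DEFAULTS = Object.freeze({ headless: true, timeoutMs: 30000, profileStrategy: "auto" });

// Weak form, for contrast: Object.assign performs an ordinary property set, so an
// own "__proto__" key produced by JSON.parse replaces the target's prototype and
// unvalidated values overwrite the defaults.
function mergeUnchecked(jsonText) {
  return Object.assign({}, DEFAULTS, JSON.parse(jsonText));
}

// Hardened form: only schema keys with valid values are copied, onto a fresh
// object, so unknown or prototype-related keys never reach the merged result.
function mergeValidated(jsonText) {
  let parsed;
  try {
    parsed = JSON.parse(jsonText);
  } catch {
    return { settings: DEFAULTS, rejected: ["<invalid JSON>"] };
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    return { settings: DEFAULTS, rejected: ["<not an object>"] };
  }
  const settings = { ...DEFAULTS };
  const rejected = [];
  for (const key of Object.keys(parsed)) {
    const check = Object.hasOwn(SCHEMA, key) ? SCHEMA[key] : null;
    if (check && check(parsed[key])) settings[key] = parsed[key];
    else rejected.push(key); // report what was dropped so it can be logged
  }
  // Frozen result: callers get a new object instead of mutating shared config.
  return { settings: Object.freeze(settings), rejected };
}

// Constructed input: one valid key, one disallowed value, one injected key.
const SAMPLE =
  '{"timeoutMs": 5000, "profileStrategy": "bogus", "__proto__": {"authDisabled": true}}';
```

Returning a new frozen object rather than assigning into a shared one also matches the release's removal of the `Object.assign(CONFIG, ...)` sites.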

Fixed — Memory & Concurrency

  • CONFIG mutation race condition — removed all 6 Object.assign(CONFIG, ...) sites
  • RateLimiter memory leak — empty keys now evicted
  • FinalizationRegistry — fixed self-reference preventing GC of secure buffers
  • Event listener leak — framenavigated listener cleaned up after 30s timeout
  • Timer leak — SecureCredential auto-wipe timer now .unref()'d

Performance

  • Regex precompilation in sanitizeForLogging (~30-40% faster)
  • IPC reduction — detectRateLimitError consolidated from 8+ calls to 1
  • O(n) dedup in notebook extraction (was O(n^2))
  • ESM import fix — removed inline require('path')

Code Quality

  • Version strings unified to use package.json version
  • Debounced library save — no longer writes to disk on every query
  • ToolResult type safety — default changed from any to unknown

Medusa Scan Analysis

  • 107 findings analyzed: 100 false positives, 7 true positives (all fixed)
  • Detailed FP analysis documented in medusa-fp-analysis.md

Full Changelog

https://github.com/Pantheon-Security/notebooklm-mcp-secure/compare/v2026.1.11...v2026.1.12

Security Fixes

  • MCP SDK 1.26.0 patches HIGH severity cross‑client data leak (GHSA-345p-7cg4-v4c7)


About Pantheon-Security/notebooklm-mcp-secure

Security-hardened NotebookLM MCP with post-quantum encryption (ML-KEM-768), GDPR/SOC2/CSSF compliance, and 14 security layers. Query Google's Gemini-grounded research from Claude and AI agents.
