CVE-2026-48814: CVE-2026-48814: Missing Authentication for Critical Orchestration Tools in Network-AI McpSseServer

CVE-2026-48814: Missing Authentication for Critical Orchestration Tools in Network-AI McpSseServer

Vulnerability ID: CVE-2026-48814
CVSS Score: 9.1
Published: 2026-06-19

CVE-2026-48814 is a critical vulnerability classified as Missing Authentication for Critical Function (CWE-306) in Network-AI, a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the Model Context Protocol (MCP) Server-Sent Events (SSE) server allows unauthenticated, cross-origin invocation of sensitive orchestration tools. This vulnerability stems from an incomplete fix for CVE-2026-46701, where library-level server class initializations still default to an insecure empty-secret configuration, allowing remote attackers or Server-Side Request Forgery (SSRF) agents to execute administrative tools.

TL;DR

The Network-AI library (versions <= 5.7.1) features an insecure default configuration in its MCP Server-Sent Events server component. If initialized without a secret, it permits unauthenticated remote callers to invoke any of its 22 critical orchestration tools, potentially leading to unauthorized data exposure, state mutation, and arbitrary agent spawning.

---

Technical Details

• CWE ID: CWE-306 (Missing Authentication for Critical Function)
• Attack Vector: Network
• CVSS v3.1 Score: 9.1 (Critical)
• EPSS Score: 0.00297 (~0.30% probability)
• Impact: High Confidentiality, High Integrity, No Availability
• Exploit Status: None (No public weaponized exploit available)
• KEV Status: Not listed in CISA KEV Catalog

Affected Systems

• Network-AI library environments implementing custom McpSseServer integrations
• Node.js multi-agent orchestration backends running network-ai versions <= 5.7.1
• network-ai: <= 5.7.1 (Fixed in: 5.7.2)

Code Analysis

Commit: 63da3d3

Enforced bearer token authentication and fail-closed security logic for McpSseServer

@@ -328,10 +338,11 @@ export class McpSseServer {

   /**
    * Returns true when the request carries a valid `Authorization: Bearer <secret>`
-   * header, or when no secret is configured (open access).
+   * header. Fails closed: an empty or missing secret always returns false.
+   */
   private _isAuthorized(req: http.IncomingMessage): boolean {
-    if (!this._opts.secret) return true;
+    if (!this._opts.secret) return false;

Mitigation Strategies

• Upgrade the network-ai dependency to version 5.7.2 or later.
• Instantiate the McpSseServer class with a non-empty, cryptographically secure secret.
• Restrict binding configurations to loopback addresses (127.0.0.1, localhost) instead of binding to 0.0.0.0.
• Utilize local standard input/output (McpStdioTransport) transport channels where network binding is not strictly required.

Remediation Steps:

1. Run 'npm install network-ai@5.7.2' to update the library to the patched version.
2. Audit custom integration files importing 'McpSseServer' from 'network-ai' and ensure a strong secret is passed during initialization.
3. Ensure the server initialization code does not fail open when environment variables are missing.

References

• GitHub Security Advisory Record
• GitHub Release Log v5.7.2
• GitHub Advisory Database Mapping

---

Read the full report for CVE-2026-48814 on our website for more details including interactive diagrams and full exploit analysis.