v5.4.5 — Security fix: GHSA-j3vx-cx2r-pvg8 (CWE-346 High — empty secret + wildcard CORS)
Severity: High (CWE-346, CVSS 7.6)
Reported by: 232-323, min8282
What was wrong
The MCP SSE server defaulted to an empty secret (process.env['NETWORK_AI_MCP_SECRET'] ?? ''), which caused _isAuthorized to return true unconditionally for every request. Combined with an unconditional Access-Control-Allow-Origin: * header, any cross-origin web page could silently invoke all 22 MCP tools (including config_set, agent_spawn, blackboard_write) against a default-configured localhost server — with no credentials required.
Fixes
- bin/mcp-server.ts — SSE mode now hard-exits at startup if no --secret / NETWORK_AI_MCP_SECRET is provided. Empty-string default no longer allows open access.
- lib/mcp-transport-sse.ts — Access-Control-Allow-Origin changed from unconditional * to an allowlist restricted to localhost and 127.0.0.1 origins only. Non-local origins receive no ACAO header. Vary: Origin added. Duplicate CORS block removed.
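The fail-open check and the two fixes described above, as an added example that is not Network-AI's own code. All function names are hypothetical, and treating only http/https origins with an optional port as local is an assumption.

```typescript
// Added illustration; every name here is hypothetical, not the project's API.
type HeaderMap = Record<string, string>;

// Pre-fix behaviour as the advisory describes it: an empty configured
// secret short-circuits the check, so every request is authorized.
function isAuthorizedVulnerable(configured: string, presented?: string): boolean {
  if (configured === "") return true; // fail-open
  return presented === configured;
}

// Startup guard: refuse to run SSE mode without a non-empty secret.
// A real server would call this once with its --secret / env value and exit on error.
function requireSecret(value?: string): string {
  if (value === undefined || value.trim() === "") {
    throw new Error("SSE mode requires --secret or NETWORK_AI_MCP_SECRET");
  }
  return value;
}

// Fail-closed check: an empty configured secret can never match anything.
function isAuthorized(configured: string, presented?: string): boolean {
  return configured !== "" && presented === configured;
}

// Anchored at both ends so look-alike hosts such as
// "http://localhost.example.com" do not pass (assumed pattern).
const LOCAL_ORIGIN = /^https?:\/\/(localhost|127\.0\.0\.1)(:\d{1,5})?$/;

// Echo the Origin back only when it is local; other origins get no
// Access-Control-Allow-Origin header at all. Vary: Origin is always set
// so caches do not reuse a response across origins.
function corsHeaders(origin?: string): HeaderMap {
  const headers: HeaderMap = { Vary: "Origin" };
  if (origin !== undefined && LOCAL_ORIGIN.test(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
  }
  return headers;
}
```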
Migration
If you run the SSE server (npx network-ai-server), you must now pass a secret:
npx network-ai-server --secret <your-token> --port 3001
# or
export NETWORK_AI_MCP_SECRET=<your-token>
npx network-ai-server --port 3001
Stdio mode (--stdio) is unaffected — no secret required for local pipe-based clients.
Stats
- 29 test suites, 2,976 passing assertions (unchanged)
- Zero TypeScript compile errors
Full Changelog
https://github.com/Jovancoding/Network-AI/blob/main/CHANGELOG.md