CRITICAL
Jovancoding
CVE published 2026-06-17
CVE-2026-48814
CVE-2026-48814 is a critical vulnerability in Network-AI, a TypeScript/Node.js multi-agent orchestrator. Versions 5.7.1 and earlier are affected by an issue allowing unauthenticated cross-origin MCP tool invocation. This is due to an empty default secret used by the MCP SSE server. Although CVE-2026-46701 partially addressed this issue in version 5.4.5 by restricting CORS to localhost origins, the empty d [truncated]