MEDIUM
markmhendrickson
CVE published 2026-05-29
CVE-2026-45577
## Summary

Neotoma (versions 0.6.0 to before 0.11.1) contains an authentication bypass vulnerability where public reverse-proxied requests received over a loopback socket without a Bearer token are incorrectly treated as local requests. This allows the REST auth middleware to resolve unauthenticated requests as the local development user, exposing the hosted Inspector and related API surface without crede [truncated]
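The class of flaw the summary describes, as an added example that is not Neotoma's code: a constructed Node-style auth check in which the socket peer address alone decides "local", next to a stricter variant. The function names, the header list, the `allowLocalDev` option, the `local-dev` user and the sample requests are all assumptions made for illustration.

```javascript
// Added illustration; every name here is hypothetical, not taken from Neotoma.
const LOOPBACK = new Set(["127.0.0.1", "::1", "::ffff:127.0.0.1"]);
const FORWARD_HEADERS = ["forwarded", "x-forwarded-for", "x-forwarded-host", "x-real-ip"];

function bearerToken(req) {
  const m = /^Bearer\s+(\S+)$/i.exec(req.headers["authorization"] || "");
  return m ? m[1] : null;
}

// Flawed pattern: with no Bearer token, a loopback peer is assumed to be the
// local developer. Behind a same-host reverse proxy every public request
// arrives from 127.0.0.1, so it inherits that identity.
function resolveIdentityFlawed(req, tokens) {
  const token = bearerToken(req);
  if (token) return tokens.get(token) || null;
  return LOOPBACK.has(req.socket.remoteAddress) ? "local-dev" : null;
}

// Stricter variant (one possible approach, assumed): the local fallback is
// opt-in and refused whenever the request carries proxy forwarding headers.
function resolveIdentityHardened(req, tokens, opts = {}) {
  const token = bearerToken(req);
  if (token) return tokens.get(token) || null;
  const proxied = FORWARD_HEADERS.some((h) => h in req.headers);
  if (opts.allowLocalDev && !proxied && LOOPBACK.has(req.socket.remoteAddress)) {
    return "local-dev";
  }
  return null;
}

// Constructed sample requests (header names lowercased, as Node delivers them).
const tokens = new Map([["constructed-token", "alice"]]);
const viaProxy = {   // public client relayed by a reverse proxy on the same host
  socket: { remoteAddress: "127.0.0.1" },
  headers: { "x-forwarded-for": "203.0.113.7" },
};
const directLocal = { socket: { remoteAddress: "127.0.0.1" }, headers: {} };
const withToken = {
  socket: { remoteAddress: "127.0.0.1" },
  headers: { authorization: "Bearer constructed-token", "x-forwarded-for": "203.0.113.7" },
};
```

Absence of forwarding headers is only a heuristic, since a proxy that adds none would still look local; that is why the fallback in this sketch is off unless explicitly enabled, and a hosted deployment would leave it off.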