Unauthenticated Cross-Origin Vulnerability in Network-AI by Jovancoding
CVE-2026-48814
9.1 CRITICAL
What is CVE-2026-48814?
In Network-AI versions 5.7.1 and earlier, the MCP SSE server has no default secret, so it allows unauthenticated invocation of various MCP tools. Earlier fixes addressed related CORS issues, but CORS is enforced only by browsers; the server still ran without authentication, so non-browser clients could access critical functions without credentials. The vulnerability was resolved in version 5.7.2.
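The failure mode described above, authentication that is skipped when no secret is configured, is shown here next to a fail-closed check and a startup guard. This is an added example, not Network-AI source code: the function names, the `MCP_SECRET` variable, the `Bearer` header scheme and the sample values are all assumptions made for illustration.

```javascript
// Added illustration; not Network-AI source code. All names are hypothetical.

// Length-independent comparison so a mismatch does not exit early.
// (On Node.js, crypto.timingSafeEqual is the usual choice for this.)
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % b.length);
  }
  return diff === 0;
}

// Fail-open: with no secret configured the check is skipped entirely,
// so a client that sends no credentials is accepted.
function authorizeFailOpen(secret, authorizationHeader) {
  if (!secret) return true;
  return authorizationHeader === `Bearer ${secret}`;
}

// Fail-closed: a missing or empty secret authorizes nobody.
function authorizeFailClosed(secret, authorizationHeader) {
  if (typeof secret !== 'string' || secret.length === 0) return false;
  if (typeof authorizationHeader !== 'string') return false;
  const match = /^Bearer (.+)$/.exec(authorizationHeader);
  return match !== null && constantTimeEqual(match[1], secret);
}

// Startup guard: refuse to serve tools at all without a configured secret.
function requireSecret(env) {
  const secret = env.MCP_SECRET; // hypothetical variable name
  if (typeof secret !== 'string' || secret.length < 16) {
    throw new Error('MCP secret not configured; refusing to start');
  }
  return secret;
}

// Constructed sample requests (Authorization header values only).
const SAMPLE_HEADERS = [undefined, 'Bearer wrong-value', 'Bearer constructed-secret-0001'];

function evaluate(authorize, secret) {
  return SAMPLE_HEADERS.map((h) => authorize(secret, h));
}

console.log('no secret, fail-open   :', evaluate(authorizeFailOpen, undefined));
console.log('no secret, fail-closed :', evaluate(authorizeFailClosed, undefined));
console.log('secret set, fail-closed:', evaluate(authorizeFailClosed, 'constructed-secret-0001'));
```

With no secret set, the fail-open check accepts every sample request, including the one with no `Authorization` header, while the fail-closed check rejects all of them.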
Affected Version(s)
Network-AI < 5.7.2
