Skip to main content

Nhost

1 CVEs product

Monthly

CVE-2026-34200 HIGH PATCH This Week

Nhost CLI MCP server before version 1.41.0 allows cross-origin requests without authentication when explicitly configured to listen on a network port, enabling malicious websites to invoke privileged tools using developer credentials. The vulnerability requires two explicit non-default configuration steps and does not affect the default configuration, significantly limiting real-world exposure.

Authentication Bypass Nhost
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.1%
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Nhost CLI MCP server before version 1.41.0 allows cross-origin requests without authentication when explicitly configured to listen on a network port, enabling malicious websites to invoke privileged tools using developer credentials. The vulnerability requires two explicit non-default configuration steps and does not affect the default configuration, significantly limiting real-world exposure.

Authentication Bypass Nhost
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy