{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34200", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-26T15:57:52.323Z", "datePublished": "2026-03-31T13:57:42.003Z", "dateUpdated": "2026-03-31T14:30:36.656Z"}, "containers": {"cna": {"title": "Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port", "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-942", "lang": "en", "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/nhost/nhost/security/advisories/GHSA-6c5x-3h35-vvw2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nhost/nhost/security/advisories/GHSA-6c5x-3h35-vvw2"}, {"name": "https://github.com/nhost/nhost/pull/4060", "tags": ["x_refsource_MISC"], "url": "https://github.com/nhost/nhost/pull/4060"}, {"name": "https://github.com/nhost/nhost/commit/15eae9285f9dce63e184b9bb24616474ffa5ccc9", "tags": ["x_refsource_MISC"], "url": "https://github.com/nhost/nhost/commit/15eae9285f9dce63e184b9bb24616474ffa5ccc9"}], "affected": [{"vendor": "nhost", "product": "nhost", "versions": [{"version": "< 1.41.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T13:57:42.003Z"}, "descriptions": [{"lang": "en", "value": "Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, The Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication and does not enforce strict CORS. This allows a malicious website visited on the same machine to issue cross-origin requests to the MCP server and invoke privileged tools using the developer's locally configured credentials. This vulnerability requires two explicit, non-default configuration steps to be exploitable. The default nhost mcp start configuration is not affected. This issue has been patched in version 1.41.0."}], "source": {"advisory": "GHSA-6c5x-3h35-vvw2", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/nhost/nhost/security/advisories/GHSA-6c5x-3h35-vvw2", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T14:30:33.127356Z", "id": "CVE-2026-34200", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T14:30:36.656Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34200", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T14:30:33.127356Z"}}}], "references": [{"url": "https://github.com/nhost/nhost/security/advisories/GHSA-6c5x-3h35-vvw2", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T14:30:25.876Z"}}], "cna": {"title": "Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port", "source": {"advisory": "GHSA-6c5x-3h35-vvw2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "nhost", "product": "nhost", "versions": [{"status": "affected", "version": "< 1.41.0"}]}], "references": [{"url": "https://github.com/nhost/nhost/security/advisories/GHSA-6c5x-3h35-vvw2", "name": "https://github.com/nhost/nhost/security/advisories/GHSA-6c5x-3h35-vvw2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/nhost/nhost/pull/4060", "name": "https://github.com/nhost/nhost/pull/4060", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/nhost/nhost/commit/15eae9285f9dce63e184b9bb24616474ffa5ccc9", "name": "https://github.com/nhost/nhost/commit/15eae9285f9dce63e184b9bb24616474ffa5ccc9", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, The Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication and does not enforce strict CORS. This allows a malicious website visited on the same machine to issue cross-origin requests to the MCP server and invoke privileged tools using the developer's locally configured credentials. This vulnerability requires two explicit, non-default configuration steps to be exploitable. The default nhost mcp start configuration is not affected. This issue has been patched in version 1.41.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-942", "description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T13:57:42.003Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34200", "state": "PUBLISHED", "dateUpdated": "2026-03-31T14:30:36.656Z", "dateReserved": "2026-03-26T15:57:52.323Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T13:57:42.003Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nhost:cli:*:*:*:*:*:*:*:*", "matchCriteriaId": "6449E6F2-0FEB-4CB5-AE5B-B22FDB55BA81", "versionEndExcluding": "1.41.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, The Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication and does not enforce strict CORS. This allows a malicious website visited on the same machine to issue cross-origin requests to the MCP server and invoke privileged tools using the developer's locally configured credentials. This vulnerability requires two explicit, non-default configuration steps to be exploitable. The default nhost mcp start configuration is not affected. This issue has been patched in version 1.41.0."}], "id": "CVE-2026-34200", "lastModified": "2026-04-07T21:08:51.357", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T15:16:17.670", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/nhost/nhost/commit/15eae9285f9dce63e184b9bb24616474ffa5ccc9"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/nhost/nhost/pull/4060"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/nhost/nhost/security/advisories/GHSA-6c5x-3h35-vvw2"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/nhost/nhost/security/advisories/GHSA-6c5x-3h35-vvw2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-942"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.41.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "nhost", "vendor": "nhost"}], "analysis": {"en": {"generated_at": "2026-04-08T00:25:08.653079+00:00", "value": {"mitigation_remediation": ["Upgrade the Nhost CLI to version 1.41.0 or later, which includes inbound authentication and strict CORS enforcement.", "If an upgrade is not immediately possible, configure the MCP server to listen only on localhost or remove any explicit bound network interface configuration.", "Eliminate any unnecessary network bindings in the CLI configuration to reduce the attack surface.", "Continuously monitor the Nhost repository for additional patches or updates."], "summary": {"action": "Patch Now", "impact": "Unauthorized API Access"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Nhost CLI versions prior to 1.41.0 that are configured to bind to a network port. The default configuration, which does not expose a bound port, is not impacted. All other parameters remain unaffected.", "description_and_impact": "The Nhost CLI MCP server, when explicitly configured to listen on a network port, omits inbound authentication and does not enforce strict CORS. This flaw allows a malicious web page running on the same host to send cross\u2013origin requests that are treated as authenticated with the user\u2019s local credentials, enabling the attacker to invoke privileged MCP tools and access local resources.", "risk_and_exploitability": "The CVSS base score is 7.7, indicating high severity. The EPSS score is under 1\u202f% and the flaw is not in the CISA KEV list, suggesting low likelihood of widespread exploitation. Exploitation requires the attacker to host a malicious page on the same machine as the vulnerable CLI and to have the CLI configured with a non\u2011default bound port; this limits the attack vector to local or attacker\u2011controlled environments."}}}}, "created": "2026-03-31T19:54:36.933605+00:00", "updated": "2026-04-08T20:00:22.088699+00:00", "vendors": ["nhost", "nhost$PRODUCT$nhost"]}