{"data":{"id":"e6628ce8-8ba9-46cb-98bd-2d4cf87ca49d","title":"GHSA-647h-p824-99w7: @grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool","summary":"The @grackle-ai/mcp library has a workspace authorization bypass vulnerability in its knowledge_search and knowledge_get_node tools. These tools are marked as available to scoped agents (agents with limited permissions tied to a specific workspace), but they don't properly check which workspace a user belongs to, allowing a scoped agent in Workspace A to access sensitive data from Workspace B by specifying an arbitrary workspaceId parameter.","solution":"Add `authContext` parameter to `knowledge_search` and `knowledge_get_node` handlers and enforce workspace scoping by using this code pattern:\n\n```typescript\nconst resolvedWorkspaceId =\n  authContext?.type === \"scoped\"\n    ? authContext.workspaceId ?? \"\"\n    : workspaceId ?? \"\";\n```\n\nThis ensures scoped agents can only access their own workspace. As a temporary workaround, remove `knowledge_search` and `knowledge_get_node` from the `SCOPED_TOOLS` set in `tool-scoping.ts` or do not use scoped agent tokens in multi-workspace deployments until the fix is applied.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-647h-p824-99w7","publishedAt":"2026-03-25T17:23:11.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":["@grackle-ai/mcp@<= 0.70.1 (fixed: 0.70.2)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Grackle AI","@grackle-ai/mcp"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-03-25T17:23:11.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}