GHSA-r78r-rwrf-rjwp: Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests
Summary
The Network-AI package (npm `network-ai`, v5.7.1) has an incomplete security fix for CVE-2026-46701. While a previous update blocked browser-based attacks by restricting CORS (cross-origin resource sharing, which controls what websites can access a server), the core problem remains: the server still defaults to an empty secret and accepts all requests without authentication, meaning anyone who can reach the server directly (via curl, SSRF (server-side request forgery, where an attacker tricks a server into making requests), or a non-loopback network bind) can invoke all 22 available tools without providing credentials.
Solution / Mitigation
The source recommends implementing the original advisory's remediation #1: 'refuse to start SSE mode with an empty secret (unless `--stdio`), and/or change `_isAuthorized` to fail closed (an empty configured secret should mean "deny", not "allow").' The fix should require a non-empty secret at startup and call `process.exit(1)` if one is not provided, rather than only issuing a warning when binding to a non-loopback address.
Vulnerability Details
EPSS: 0.3%
June 19, 2026
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-r78r-rwrf-rjwp
First tracked: June 19, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 85%