CVE-2026-58446 PUBLISHED

Presenton < 0.8.8-beta - Authentication Bypass of Session Auth via Unprotected MCP Endpoint

Assigner: VulnCheck
Reserved: 30.06.2026 Published: 30.06.2026 Updated: 01.07.2026

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication (AUTH_USERNAME/AUTH_PASSWORD), is reachable unauthenticated at /mcp because the nginx front-end does not apply the auth_request gate to that path and the MCP server auto-mints a valid internal session token for the configured user. A remote unauthenticated attacker can invoke MCP tools such as generate_presentation, performing authenticated application actions, consuming the operators configured LLM API keys, and creating presentations in the operators instance. The Electron desktop build is not affected (MCP disabled).

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
CVSS Score: 6.9

Product Status

Vendor presenton
Product presenton
Versions Default: unaffected
  • affected from 0 to 0.8.8-beta (excl.)

Credits

  • George Chen finder

References

Problem Types

  • Missing Authentication for Critical Function CWE