CamoFox MCP: Unauthenticated HTTP MCP browser-control surface

Description

No description available.

Recommendation

Update the camofox-mcp package to the latest compatible version. Followings are version details:

• Affected version(s): < 1.13.2
• Patched version(s): 1.13.2

References

• GHSA-7hgr-7h44-33w2
• CWE-306
• OWASP 2021-A7

Related Issues

• Network-AI missing authentication on MCP HTTP endpoint, which allows unauthenticated privileged tool calls - CVE-2026-42856
• Downloads Resources over HTTP in dalek-browser-chrome-canary - CVE-2016-10584
• google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability - CVE-2023-48711
• dalek-browser-ie downloads Resources over HTTP - CVE-2016-10605

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

camofox-mcp