engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt i

Severity:: High

Description

The local HTTP server started by engram server (binding 127.0.0.1:7337 by default) was exposed to any browser origin with no authentication unless ENGRAM_API_TOKEN was explicitly set.

Recommendation

Update the engramx package to the latest compatible version. Followings are version details:

Affected version(s): < 2.0.2
Patched version(s): 2.0.2

References

GHSA-2r2p-4cgf-hv7h
CWE-1188
CWE-306
CWE-352
CWE-942
OWASP 2021-A1
OWASP 2021-A5
OWASP 2021-A7

Related Issues

CSRF vulnerability in save-server - CVE-2020-15135
@yoda.digital/gitlab-mcp-server's SSE transport has no authentication and wildcard CORS, exposing all 86 GitLab tools - CVE-2026-44895
Path Traversal in angular-http-server - angular-http-server - Vulnerability
auth-fetch-mcp: SSRF and disk exfiltration via unvalidated auth_fetch and download_media URLs - Vulnerability

How to Secure your NodeJs Express Javascript Application - part 1

Exploiting Server Version Disclosure

CSRF, XXE, and 12 Other Security Acronyms Explained

Tags:: npm; engramx

Anything's wrong? Let us know Last updated on April 23, 2026