Algernon: Auto-refresh SSE event server binds to all interfaces by default on Linux/macOS
Description
Summary
The SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553") resolves to ":5553" — a Go http.Server.Addr of ":5553" listens on every interface. On Windows the same code chose "localhost", binding loopback only.
The result was a platform split in which the operating systems Algernon's dev workflow is most often used on (Linux/macOS) got the network-exposed default, while only Windows users got the loopback-safe one. A LAN peer could connect to :5553 and read the file-change stream without any developer interaction.
This advisory covers the bind-address default in isolation. The fix is independent of authentication (#2a) and CORS (#2b) — switching the default to loopback can be done without touching either.
Details
Root cause — platform-dependent host default in handleFlags
```go
// engine/flags.go:39-46 (1.17.6)
host := ""
if runtime.GOOS == "windows" {
	host = "localhost"
	// Default Bolt database file
	ac.defaultBoltFilename = filepath.Join(serverTempDir, "algernon.db")
	// Default log file
	ac.defaultLogFile = filepath.Join(serverTempDir, "algernon.log")
}
```

```go
// engine/config.go:388-391 (1.17.6, finalConfiguration)
if ac.eventAddr == "" {
	ac.eventAddr = utils.JoinHostPort(host, ac.defaultEventColonPort)
}
```
Result tabulated:
| Platform | host | eventAddr after JoinHostPort | Effective bind |
|---|---|---|---|
| Linux | "" | ":5553" | 0.0.0.0:5553 (all interfaces) |
| macOS | "" | ":5553" | 0.0.0.0:5553 (all interfaces) |
| Windows | "localhost" | "localhost:5553" | 127.0.0.1:5553 (loopback) |
The same host value also governs the main web server bind, so the platform split affects both ports. The web-server bind on Linux/macOS is a separate (defensible) design decision — a server intended to be reachable; the SSE port is *not* such a service and inherited the same default by accident.
Why this is an independent finding
The fix is a single line: change the default host value, or change the eventAddr default specifically, to "localhost" regardless of platform. No change to authentication or CORS is required to close the network-reach half of the original bundled advisory. A LAN peer can no longer connect — the listener is unreachable from another host — even if the SSE handler still has no authentication and still returns Allow-Origin: *.
PoC (against 1.17.6 on Linux/macOS)
```sh
# Operator's laptop on a hotel/cafe/office WiFi:
algernon -a /path/to/project
# => SSE listener bound to 0.0.0.0:5553

# Any peer on the same subnet:
$ curl -sN http://:5553/sse
id: 0
data: /path/to/project/secret-notes.md
id: 1
data: /path/to/project/.env.local
```
No interaction from the developer is required. The peer needs network reach and nothing else.
Impact
- Confidentiality: medium. LAN-bounded continuous information disclosure of filenames and edit timing.
- Integrity: none.
- Availability: none directly.
The CVSS vector uses AV:A (adjacent network) to model the LAN-only reach. The vector for a misconfigured deployment behind a NAT-less or routed network would shift to AV:N and rise to 5.3.
Suggestions to fix
**Primary fix — pick localhost as the SSE default on every platform.**
```go
// engine/flags.go -- platform-independent default for the event listener
// (keep the existing platform split for the WEB server if desired, but
// not for the event server)
host := "localhost"
```
Or, more surgically:
```go
// engine/config.go -- finalConfiguration
if ac.eventAddr == "" {
	ac.eventAddr = utils.JoinHostPort("localhost", ac.defaultEventColonPort)
}
```
An operator who genuinely wants LAN-reachable SSE can pass --eventserver 0.0.0.0:5553 explicitly and accept the consequences.
Stronger fix — eliminate the second listener entirely. Mount the SSE handler on the main mux at /sse. The bind address is then whatever the main server uses; there is no second listener and therefore no second bind-address default to get wrong.
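To make the platform table above and the primary fix concrete, here is an added Go example that is not Algernon's own code: `joinHostPort` is a local stand-in for `utils.JoinHostPort` as this advisory describes it, `defaultEventAddr` reproduces the 1.17.6 default for any GOOS value, and `bindsAllInterfaces`/`probeBind` are the checks a reviewer or CI test could run over a configured event address to confirm it stays on loopback.

```go
package main

import (
	"fmt"
	"net"
)

// joinHostPort stands in for utils.JoinHostPort as described above: host + ":port", so "" yields ":5553".
func joinHostPort(host, colonPort string) string { return host + colonPort }

// defaultEventAddr reproduces the 1.17.6 default: host is "" unless GOOS is windows.
func defaultEventAddr(goos string) string {
	host := ""
	if goos == "windows" {
		host = "localhost"
	}
	return joinHostPort(host, ":5553")
}

// bindsAllInterfaces: an empty host or an unspecified IP (0.0.0.0, ::) means every interface; no socket is opened.
func bindsAllInterfaces(addr string) (bool, error) {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return false, err
	}
	if ip := net.ParseIP(host); ip != nil {
		return ip.IsUnspecified(), nil
	}
	return host == "", nil // a hostname such as "localhost" is left to the resolver
}

// probeBind listens on an ephemeral port (":0" has the same shape as ":5553") and
// reports whether the kernel-assigned address is loopback, as ss or netstat would show.
func probeBind(addr string) (loopback bool, bound string, err error) {
	ln, err := net.Listen("tcp", addr)
	if err != nil {
		return false, "", err
	}
	defer ln.Close()
	tcp := ln.Addr().(*net.TCPAddr)
	return tcp.IP.IsLoopback(), tcp.String(), nil
}

func main() {
	for _, goos := range []string{"linux", "darwin", "windows"} {
		all, _ := bindsAllInterfaces(defaultEventAddr(goos))
		fmt.Println(goos, defaultEventAddr(goos), "all interfaces:", all)
	}
	fmt.Println(probeBind(":0")) // what a Linux/macOS 1.17.6 bind looks like to ss
}
```

Passing "localhost" unconditionally into joinHostPort, as the primary fix does, makes bindsAllInterfaces report false on every platform.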
Live verification
Audit-host bind check (Windows 10):
```text
$ netstat -an | findstr 5553
TCP 127.0.0.1:5553 0.0.0.0:0 LISTENING
```
Confirms the Windows default is localhost. The Linux/macOS bind to 0.0.0.0:5553 is documented in the code path above; it was not exercised on the audit machine because the audit host was Windows. A maintainer reproducing on a Linux host would see 0.0.0.0:5553 LISTENING from ss -tlnp.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The SSE event server in Algernon before 1.17.6 binds to all network interfaces on Linux/macOS (0.0.0.0:5553) instead of loopback, allowing LAN peers to read the file-change stream without authentication.
Vulnerability
In Algernon versions up to and including 1.17.6, the Server-Sent Events (SSE) event server used for auto-refresh binds to 0.0.0.0:5553 on Linux and macOS by default, due to a platform-dependent host default in engine/flags.go:39-46 that sets host = "" for non-Windows systems. The call utils.JoinHostPort("", ":5553") produces ":5553", which Go's http.Server interprets as listening on all interfaces. On Windows, the default is "localhost", binding only to the loopback interface [1][2][3]. The same host variable also affects the main web server port, but the SSE service is not intended to be network-accessible.
Exploitation
An attacker on the same local network as a developer running Algernon with default settings can connect to :5553 without any prior authentication or interaction. No credentials or special access are required; the SSE endpoint streams file-change events as they occur. The attacker simply opens a connection to the exposed port and receives the event data [2][3].
Impact
Successful exploitation results in unauthorized disclosure of the file-change event stream, which may leak information about files being edited (paths, timestamps, and potentially content snippets sent as part of events). This information disclosure does not grant remote code execution or direct file write access, but it can reveal sensitive details about the development project and environment. The impact is limited to information disclosure with a low CIA severity [2][3].
Mitigation
As of the publication of this advisory, no patched version of Algernon has been released. The fix involves changing the default host value to "localhost" on all platforms or altering the event address assignment in engine/config.go [2][3]. Until a fix is available, users on Linux and macOS should manually bind the event server to the loopback interface by starting Algernon with the --event-addr localhost:5553 flag. This workaround ensures the SSE stream is not reachable from other network hosts.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.