VYPR

Network AI

by Jovancoding

CVEs (3)

  • CVE-2026-54051 | cri | Jun 19, 2026
    risk 0.52 | cvss | epss

    ## Summary
    The agent sandbox gates shell commands behind an allowlist (`SandboxPolicy.isCommandAllowed`), which THREAT_MODEL.md calls the main control against a compromised agent (Adversary 3.2). The allowlist glob-matches the whole command string, but `ShellExecutor` runs that…

  • CVE-2026-42856 | Hig | May 11, 2026
    risk 0.50 | cvss | epss 0.00

    Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind…

  • CVE-2026-46701 | hig | May 21, 2026
    risk 0.38 | cvss | epss 0.00

    # Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret

    | Field | Value |
    | ---------------- | ----- |
    | Repository | Jovancoding/Network-AI |
    | Affected version | v5.4.4 (commit c12686e181f231cf8d7bcf836a96d78f0f0877ac) |

    ## Summary
    The…