Arcade MCP Authentication Bypass Vulnerability via Hardcoded Worker Secret

A vulnerability in Arcade MCP versions prior to 1.5.4 allows unauthenticated access to all worker endpoints. The issue arises because the HTTP server uses a hardcoded default worker secret, 'dev', which is never validated or changed during server startup. This flaw enables any attacker who knows the default key to forge valid JSON Web Tokens (JWTs) and bypass the FastAPI authentication layer. As a result, attackers can remotely access tool enumeration and invocation features without credentials.

Impact

Exploitation of this vulnerability bypasses authentication, granting full access to all MCP worker endpoints. This allows unauthorized users to enumerate and invoke tools remotely, access data returned by these tools (including sensitive information), and execute actions within internal systems if the tools have such capabilities.

Reproduction

To reproduce this vulnerability, deploy an Arcade MCP server using the official quick-start guide, which sets the worker secret to the default 'dev'. Once the server is running, verify that unauthenticated requests to the '/worker/tools' endpoint are denied. Then, forge a JWT using the 'dev' secret and use it to access the same endpoint, which should now return a successful response with the tool catalog.

Remediation

Users should manually override the default worker secret by setting the 'ARCADE_WORKER_SECRET' environment variable to a secure value before starting the server. This change is reflected in Arcade MCP version 1.5.4 and later.