Nhost CLI MCP Server Inbound Authentication Vulnerability on Explicitly Bound Network Port

A vulnerability exists in the Nhost CLI MCP server in versions prior to 1.41.0, when explicitly configured to listen on a network port. The server fails to apply inbound authentication and does not enforce strict Cross-Origin Resource Sharing (CORS) policies. This allows a malicious website, accessed from the same machine, to send cross-origin requests to the MCP server and use privileged tools with the developer's local credentials. The vulnerability requires two specific configuration steps to be exploitable, and the default MCP server configuration is not affected.

Impact

Exploitation allows access to the MCP tools 'cloud-graphql-query', 'graphql-query', and 'manage-graphql', depending on the victim's Nhost configuration.

Reproduction

To reproduce this vulnerability, first log in to Nhost and configure the MCP server to access cloud projects. Then, start the MCP server with explicit network binding to a port. After the server is running, confirm that it is accepting cross-origin requests by checking the CORS headers. Finally, host a simple website that sends a request to the MCP server's endpoint and invokes a privileged tool.

Remediation

Update to Nhost CLI version 1.41.0 or later, which removes the option to bind the MCP server to a network port.