ArcadeAI's arcade-mcp is a platform for creating, deploying, and sharing MCP servers. Prior to version 1.5.4, the HTTP server component contains a critical cryptographic flaw: it uses a hardcoded default worker secret key set to "dev". This key is embedded in the code and is never validated or replaced during normal server startup, meaning the authentication mechanism relies on a static secret that attackers can easily guess or discover. The server uses JSON Web Tokens (JWTs) for authentication, signing tokens with this secret. Because the secret is known and unchangeable, an attacker can forge valid JWTs without any credentials or authentication. This allows full bypass of the FastAPI authentication layer protecting the worker endpoints. Consequently, attackers gain remote, unauthenticated access to sensitive functionality such as enumerating available tools and invoking them remotely. This compromises the confidentiality and integrity of the system, as unauthorized users can execute arbitrary operations. The vulnerability is network exploitable without any user interaction or privileges. Although no known exploits have been reported in the wild, the flaw is severe due to the ease of exploitation and the broad access it grants. The issue is classified under CWE-321 (Use of Hard-coded Cryptographic Key) and CWE-798 (Use of Hard-coded Credentials). The vendor fixed the vulnerability in arcade-mcp version 1.5.4 by removing or properly securing the secret key.

For European organizations using arcade-mcp versions prior to 1.5.4, this vulnerability poses a significant risk. Attackers can remotely bypass authentication and gain unauthorized access to internal tools and services managed by the arcade-mcp server. This can lead to unauthorized data access, manipulation, and potential disruption of services relying on these tools. Confidentiality is compromised as sensitive information about available tools and their functions can be enumerated and exploited. Integrity is at risk since attackers can invoke tools remotely, potentially altering system states or data. Although availability impact is not directly indicated, unauthorized tool invocation could lead to service disruptions. Given the ease of exploitation without authentication or user interaction, attackers can rapidly compromise vulnerable systems. This risk is heightened in environments where arcade-mcp servers are exposed to untrusted networks or the internet. European organizations in sectors such as gaming, software development, or any industry leveraging ArcadeAI’s platform could face operational and reputational damage if exploited.

European organizations should immediately verify if they are running arcade-mcp versions earlier than 1.5.4. The primary mitigation is to upgrade all affected instances to version 1.5.4 or later, where the hardcoded secret is removed or properly secured. If upgrading is not immediately possible, organizations should restrict network access to arcade-mcp servers by implementing strict firewall rules, allowing only trusted internal IP addresses to connect. Additionally, monitoring and logging of all authentication attempts and tool invocations should be enhanced to detect suspicious activity indicative of JWT forgery or unauthorized access. Organizations should also consider implementing additional layers of authentication or API gateway protections in front of arcade-mcp endpoints. Regular security audits and code reviews should be conducted to identify any other hardcoded secrets or similar cryptographic weaknesses. Finally, educating developers and administrators about the risks of hardcoded credentials and enforcing secure key management practices will help prevent similar vulnerabilities.