Network-AI, a TypeScript/Node.js multi-agent orchestrator, has a critical missing authentication vulnerability (CWE-306) in its MCP SSE server in versions up to 5.7.1. The server defaults to an empty secret, causing the _isAuthorized() function to always return true when the secret is empty. Although CVE-2026-46701 partially mitigated the issue by restricting CORS to localhost in version 5.4.5, the empty-secret flaw persisted, allowing unauthenticated access to all 22 MCP tools via non-browser clients such as curl or SSRF. This enables unauthorized invocation of sensitive functions including config_set, agent_spawn, blackboard_write, and token management. The issue was resolved in version 5.7.2.

An attacker can invoke all MCP tools without authentication, leading to full compromise of the orchestrator's critical functions. This includes configuration changes, spawning agents, modifying shared data, and managing tokens, potentially resulting in unauthorized control and data manipulation. The CVSS score of 9.1 reflects the high impact on confidentiality and integrity with no required privileges or user interaction.

Upgrade to Network-AI version 5.7.2 or later, where the empty default secret issue is fixed. Until upgrading, restrict network access to the MCP SSE server to trusted clients only, as the server runs fully unauthenticated by default in affected versions. Patch status is confirmed fixed in 5.7.2.