CyberRota
← Ana sayfaya dön

CVE-2026-58446

MEDIUM · CVSS 6.5 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-30T22:16:57.963 · Çekilme zamanı: 2026-07-01T06:08:38.635208+00:00

CyberRota Yorumu

Uzaktan istismar edilebilir olabilir.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-58446
Severity
MEDIUM
CVSS
6.5
EPSS
Yok
Nginx Docker

Orijinal NVD Açıklaması

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication (AUTH_USERNAME/AUTH_PASSWORD), is reachable unauthenticated at /mcp because the nginx front-end does not apply the auth_request gate to that path and the MCP server auto-mints a valid internal session token for the configured user. A remote unauthenticated attacker can invoke MCP tools such as generate_presentation, performing authenticated application actions, consuming the operators configured LLM API keys, and creating presentations in the operators instance. The Electron desktop build is not affected (MCP disabled).