Security Advisory: Missing Authentication for Critical Function in Jovancoding/Network-AI | Field | Value | |---|---| | Project | Jovancoding/Network-AI | | Repository | https://github.com/Jovancoding/Network-AI | | Aff…
| CVE ID | CVE-2026-42856 |
| Vendor | npm |
| Affected Product | network-ai |
| Vulnerability Type | Vulnerability |
| CVSS Score | 7.5 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
Jovancoding/Network-AI | Field | Value ||---|---| | Project | Jovancoding/Network-AI | | Repository | https://github.com/Jovancoding/Network-AI | | Affected commit | c344f2053eb0d49395988f803bf92f2a86b2a0d0 | | Affected tested version | 5.1.2 | | Vulnerability type | CWE-306: Missing Authentication for Critical Function | | Severity | High | | Authentication required | None | | Default network exposure | Bind address 0.0.0.0 | | Reporter validation date | 2026-04-21 |
tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. As a result,Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.