CVE-2026-58446
Status: Received - Intake

MCP Server Authentication Bypass in Presenton

Vulnerability report for CVE-2026-58446, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: VulnCheck

Description

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication (AUTH_USERNAME/AUTH_PASSWORD), is reachable unauthenticated at /mcp because the nginx front-end does not apply the auth_request gate to that path and the MCP server auto-mints a valid internal session token for the configured user. A remote unauthenticated attacker can invoke MCP tools such as generate_presentation, performing authenticated application actions, consuming the operator's configured LLM API keys, and creating presentations in the operator's instance. The Electron desktop build is not affected (MCP disabled).
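The front-end condition named above, as an added illustration that is not Presenton's own configuration: the upstream names, the /auth_check location and its backend path are assumptions. The two /mcp blocks are alternatives (weak and hardened), not meant to coexist in one server block.

```nginx
# Constructed illustration (not Presenton's nginx.conf). Upstream names and
# the /auth_check endpoint are assumptions.

# Weak pattern: the MCP path is proxied straight through, so the session
# gate that protects the application routes never sees these requests.
location /mcp {
    proxy_pass http://mcp_backend;
}

# Hardened pattern: every request to /mcp is first checked by the same
# auth_request subrequest gate used for the application routes.
location = /auth_check {
    internal;                                   # not reachable from clients
    proxy_pass http://app_backend/auth/check;   # hypothetical session validator
    proxy_pass_request_body off;                # only headers/cookies are needed
    proxy_set_header Content-Length "";
    proxy_set_header X-Original-URI $request_uri;
}

location /mcp {
    auth_request /auth_check;                   # 401/403 from the gate stops the request
    proxy_pass http://mcp_backend;
}
```

The description lists a second condition (the MCP server auto-minting a session token), which a front-end gate does not address on its own, so upgrading to 0.8.8-beta remains the fix.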


Meta Information

Published: 2026-06-30
Last Modified: 2026-06-30
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

Vendor      Product     Version / Range
presenton   presenton   up to 0.8.8-beta (excluding)

CWE

CWE-306: The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Executive Summary

This vulnerability exists in Presenton versions before 0.8.8-beta, where an MCP server bundled with the software is accessible without authentication at the /mcp path when deployed on server or Docker with session authentication configured. The nginx front-end does not enforce authentication on this path, allowing a remote attacker to access MCP tools without credentials.

The MCP server automatically generates a valid internal session token for the configured user, enabling the attacker to perform authenticated actions such as generating presentations and using the operator's configured LLM API keys. The Electron desktop build is not affected because MCP is disabled there.

Impact Analysis

An attacker can remotely access the MCP server without authentication and perform actions as if they were an authenticated user. This includes generating presentations and consuming the operator's LLM API keys, potentially leading to unauthorized use of resources and manipulation of the application.
