CVE-2026-34200

HIGH

Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port

Title source: cna

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-34200. PoCs published by skoveit, XZ1r0.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-34200, targeting the Nhost MCP Server. The vulnerability arises from a lack of authentication and permissive CORS policies, allowing unauthenticated cross-origin requests to execute administrative commands, leading to full infrastructure compromise.

Description

Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, The Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication and does not enforce strict CORS. This allows a malicious website visited on the same machine to issue cross-origin requests to the MCP server and invoke privileged tools using the developer's locally configured credentials. This vulnerability requires two explicit, non-default configuration steps to be exploitable. The default nhost mcp start configuration is not affected. This issue has been patched in version 1.41.0.

Exploits (2)

nomisec WORKING POC 3 stars

by skoveit · poc

https://github.com/skoveit/CVE-2026-34200

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2026-34200, targeting the Nhost MCP Server. The vulnerability arises from a lack of authentication and permissive CORS policies, allowing unauthenticated cross-origin requests to execute administrative commands, leading to full infrastructure compromise.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Nhost MCP Server

No auth needed

Prerequisites: Nhost MCP Server running on localhost:8080 · Victim visits attacker-controlled website

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Apr 22, 2026 Full analysis →

github WORKING POC

by XZ1r0 · pythonpoc

https://github.com/XZ1r0/cve-2026-poc-collection/tree/main/other/CVE-2026-34200

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2026-34200, demonstrating a CORS bypass and authentication bypass in the Nhost CLI's MCP server. The exploit leverages a malicious website to exfiltrate sensitive data via cross-origin requests.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Nhost CLI MCP server

No auth needed

Prerequisites: Nhost MCP server running locally · Victim visits a malicious website

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed May 21, 2026 Full analysis →

References (3)

Core 3

Core References

X_Refsource_Confirm x_refsource_confirm

https://github.com/nhost/nhost/security/advisories/GHSA-6c5x-3h35-vvw2

X_Refsource_Misc x_refsource_misc

https://github.com/nhost/nhost/pull/4060

X_Refsource_Misc x_refsource_misc

https://github.com/nhost/nhost/commit/15eae9285f9dce63e184b9bb24616474ffa5ccc9

View Writeup ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0015

EPSS Percentile 36.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-306 CWE-942

Status published

Products (2)

nhost/cli < 1.41.0

nhost/nhost < 1.41.0

Published Mar 31, 2026

Tracked Since Mar 31, 2026