What happened
CVE-2026-58446 (CVSS 6.5 Medium), published 2026-06-30, is a misconfiguration in Presenton's nginx routing where the /mcp path is omitted from the authentication gate. The MCP server then helpfully mints session tokens for any caller, creating a complete authentication bypass. A public PoC is available per securityvulnerability.io.
Why it matters
Presenton is an AI presentation generator with an MCP server that exposes tools for content generation and API key usage. Unauthenticated access to the MCP interface means attackers can abuse the platform's AI API keys (burning quota and cost) and invoke tools to generate content or access internal sessions. The nginx misconfiguration pattern is likely common in other MCP-server-enabled applications.
Attack vector
The nginx front-end applies auth_request gates to all paths except /mcp. The MCP server auto-mints internal session tokens for unauthenticated callers at that path. An unauthenticated remote attacker can invoke any MCP tool (e.g., generate presentations, read internal data) and use the auto-minted tokens for sensitive operations, bypassing the configured session authentication entirely.
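The root cause is a gate that covers most location blocks but not the one added for the MCP server. A quick way to catch that class of mistake before deployment is to lint the nginx config for proxied location blocks that carry no auth_request directive. The script below is an added example, not Presenton's code or its real nginx.conf: the two configs are constructed to show the weak shape (no auth_request under /mcp) beside the corrected shape, the upstream names (app:5000, mcp:8000, the /auth subrequest endpoint) are hypothetical, and the parser assumes flat, non-nested location blocks.

```python
"""Audit an nginx config for proxied location blocks that skip the auth_request gate.

Constructed example for a Presenton-style deployment: nginx fronts the app and
gates paths with auth_request; a location block for /mcp without the gate is the
pattern CVE-2026-58446 describes. The config text is hypothetical, not the
project's real nginx.conf, and the parser only handles the flat
server { location ... { directive; } } layout used here.
"""
import re

# Constructed weak config: the /mcp block lacks the auth_request directive.
WEAK_CONF = """
server {
    listen 80;
    location = /auth {
        internal;
        proxy_pass http://127.0.0.1:9000/check;
    }
    location / {
        auth_request /auth;
        proxy_pass http://app:5000;
    }
    location /api/ {
        auth_request /auth;
        proxy_pass http://app:5000;
    }
    location /mcp {
        proxy_pass http://mcp:8000;
    }
}
"""

# Same config with the gate applied to /mcp as well (the corrected shape).
FIXED_CONF = WEAK_CONF.replace(
    "location /mcp {\n        proxy_pass",
    "location /mcp {\n        auth_request /auth;\n        proxy_pass",
)

# Matches "location [modifier] path {" and captures the path.
LOCATION_RE = re.compile(r"location\s+(=|~\*|~|\^~)?\s*(\S+)\s*\{", re.M)


def parse_locations(conf: str) -> dict:
    """Return {path: [directive names]} for every location block.

    Assumes location blocks are not nested, which is enough for this layout.
    """
    blocks = {}
    for m in LOCATION_RE.finditer(conf):
        path = m.group(2)
        start = m.end()
        depth, i = 1, start
        # Walk forward to the brace that closes this block.
        while i < len(conf) and depth:
            if conf[i] == "{":
                depth += 1
            elif conf[i] == "}":
                depth -= 1
            i += 1
        body = conf[start:i - 1]
        directives = [
            line.strip().split()[0].rstrip(";")
            for line in body.splitlines()
            if line.strip() and not line.strip().startswith("#")
        ]
        blocks[path] = directives
    return blocks


def ungated_proxied_locations(conf: str) -> list:
    """List paths that proxy to a backend without an auth_request gate.

    The internal auth subrequest target is skipped: it is the gate itself.
    """
    findings = []
    for path, directives in parse_locations(conf).items():
        if "internal" in directives:
            continue
        if "proxy_pass" in directives and "auth_request" not in directives:
            findings.append(path)
    return findings


if __name__ == "__main__":
    print("weak config, ungated:", ungated_proxied_locations(WEAK_CONF))
    print("fixed config, ungated:", ungated_proxied_locations(FIXED_CONF))
```

Run against the weak config the linter reports /mcp; against the corrected config it reports nothing. In a real deployment the same idea belongs in CI next to `nginx -t`, so that any new proxied location (an MCP endpoint, a webhook receiver, a metrics path) has to opt in to the gate explicitly rather than silently fall outside it.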
Affected systems
Presenton before 0.8.8-beta (server/Docker deployments with AUTH_USERNAME/AUTH_PASSWORD configured)
Mitigation
Upgrade to Presenton 0.8.8-beta. Fix commit: https://github.com/presenton/presenton/commit/a1103dcef3c761cc8bab44e2862c81a49969abd7