Vulnerability  ·  2026-07-02

Presenton MCP Server — Unauthenticated MCP Endpoint in Docker/Server Deployments Allows Session Token Minting and API Key Abuse

Vulnerability  ·  Medium impact  ·  Global  ·  CVE-2026-58446
CVE-2026-58446 (CVSS 6.5 Medium), published 2026-06-30, is a misconfiguration in Presenton's nginx routing where the /mcp path is omitted from the authentication gate. The MCP server then helpfully mints session tokens for any caller, creating a complete authentication bypass. A public PoC is available per securityvulnerability.io.
Presenton is an AI presentation generator with an MCP server that exposes tools for content generation and API key usage. Unauthenticated access to the MCP interface means attackers can abuse the platform's AI API keys (burning quota and cost) and invoke tools to generate content or access internal sessions. The nginx misconfiguration pattern is likely common in other MCP-server-enabled applications.
The nginx front-end applies auth_request gates to all paths except /mcp. The MCP server auto-mints internal session tokens for unauthenticated callers at that path. An unauthenticated remote attacker can invoke any MCP tool (e.g., generate presentations, read internal data) and use the auto-minted tokens for sensitive operations, bypassing the configured session authentication entirely.
Affected versions
Presenton before 0.8.8-beta (server/Docker deployments with AUTH_USERNAME/AUTH_PASSWORD configured)
Remediation
Upgrade to Presenton 0.8.8-beta. Fix commit: https://github.com/presenton/presenton/commit/a1103dcef3c761cc8bab44e2862c81a49969abd7
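As an added illustration (not Presenton's configuration and not the content of the fix commit), the constructed nginx fragments below reproduce the pattern this advisory describes, a proxied location that lacks the auth_request gate the rest of the site uses, alongside a small audit helper that reports such locations so the gap can be caught before deployment. The /auth/verify subrequest path and the upstream ports are assumptions.

```python
import re
from typing import List

# Constructed nginx fragments for illustration only; they are not Presenton's
# real configuration. The /auth/verify subrequest location and the upstream
# ports are assumptions.
VULNERABLE_CONF = """
location = /auth/verify {
    internal;
    proxy_pass http://127.0.0.1:5000/api/auth/verify;
}
location /mcp {
    # No auth_request here: the gate is skipped for the MCP path.
    proxy_pass http://127.0.0.1:8001;
}
location / {
    auth_request /auth/verify;
    proxy_pass http://127.0.0.1:3000;
}
"""

# Same layout with the auth_request gate applied to /mcp as well.
FIXED_CONF = VULNERABLE_CONF.replace(
    "    # No auth_request here: the gate is skipped for the MCP path.\n",
    "    auth_request /auth/verify;\n",
)

# Matches one flat location block: optional modifier, path, body without
# nested braces (sufficient for the fragments above, not a full nginx parser).
_LOCATION = re.compile(r"location\s+(?:[=~^*]+\s+)?(\S+)\s*\{([^{}]*)\}", re.S)


def unprotected_locations(conf: str) -> List[str]:
    """Return location paths that proxy traffic without an auth_request gate.

    Locations marked `internal` are the auth subrequest target itself and are
    skipped; `auth_request off;` counts as unprotected.
    """
    exposed = []
    for path, body in _LOCATION.findall(conf):
        body = re.sub(r"#[^\n]*", "", body)          # drop comments
        directives = [d.strip() for d in body.split(";") if d.strip()]
        if "internal" in directives:
            continue
        gated = any(d.startswith("auth_request ") and not d.endswith(" off")
                    for d in directives)
        if not gated:
            exposed.append(path)
    return exposed


if __name__ == "__main__":
    print("vulnerable:", unprotected_locations(VULNERABLE_CONF))  # ['/mcp']
    print("fixed:", unprotected_locations(FIXED_CONF))            # []
```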
Sources
NVD: CVE-2026-58446
securityvulnerability.io: CVE-2026-58446 Detail and PoC
GitHub: fix commit