The MCP HTTP transport in Network‑AI allows JSON‑RPC tool requests to be forwarded to the orchestrator without any form of authentication, session validation, origin check, or token verification. Consequently, an unauthenticated user can invoke operatives that are normally protected, potentially taking full control of the orchestration environment. This flaw is a classic authentication bypass (CWE‑306) that could enable arbitrary privileged operations and compromise confidentiality, integrity, and availability of the orchestrator and the systems it manages.

Products affected are the Jovancoding Network‑AI orchestrator versions prior to 5.1.3. The vulnerability applies to all network deployments that bind the MCP HTTP endpoint to the default address 0.0.0.0, meaning any host with network access to the service, including internal and external actors, can exploit it.

The CVSS score of 8.7 classifies this vulnerability as Critical, and it is not listed in the CISA KEV catalog. With no documented exploit workload, the EPSS score is missing, yet the open network exposure and the lack of authentication make the exploitation likelihood high. An attacker with network reachability can freely enumerate available tools and invoke them, effectively bypassing all access controls. Given the severity, an organization should treat this flaw as a high‑priority risk requiring immediate action.