CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



GHSA-H4G2-XFMW-Q2C9

GHSA-H4G2-XFMW-Q2C9: Missing Authentication Bypass in Clauster Configuration Validator

Amit Schendel
Amit Schendel
Senior Security Researcher

Jul 10, 2026·5 min read·4 visits

Executive Summary (TL;DR)

Clauster v0.2.1 and below allows a silent authentication bypass on non-loopback network bindings if the 'auth.enabled' configuration key is omitted, leading to remote code execution.

Clauster versions up to and including v0.2.1 suffer from an authentication bypass vulnerability. This issue occurs when Clauster is configured with an authentication method but the master auth.enabled key is omitted or set to false, allowing unauthenticated network access to administrative endpoints and arbitrary code execution through managed Claude Code bridges.

Vulnerability Overview

Clauster is a self-hosted web user interface and launcher designed to manage Claude Code remote-control bridges. The platform exposes administrative endpoints to manage active bridges, monitor logs, and configure workspace settings. Claude Code remote-control bridges execute system commands in local project directories under the privileges of the hosting process.

In versions up to and including v0.2.1, Clauster contains a missing authentication vulnerability classified as CWE-306. When deployed on a network-exposed interface without loopback restrictions, the application exposes administrative control APIs and configuration interfaces unauthenticated if the master switch auth.enabled is not explicitly set to true.

This flaw allows unauthenticated remote attackers with network access to the port to access the dashboard and control endpoints. Attackers can leverage this access to execute arbitrary commands through the managed Claude Code bridges, gaining remote code execution on the underlying host system.

Root Cause Analysis

The vulnerability arises from a logic mismatch between the configuration validator and the runtime authentication enforcement layer. The application employs a fail-open design when validating network interfaces and configured credentials.

At runtime, the authentication middleware checks incoming requests only if auth.enabled is explicitly set to true. If auth.enabled is set to false or omitted entirely, the auth guard is bypassed, and all API calls are processed without authentication verification. This design ignores other configured variables such as password_required or reverse_proxy.enabled during runtime checks.

In vulnerable versions, the configuration validator in src/clauster/config.py permitted non-loopback bindings as long as password_required or reverse_proxy.enabled were configured, without verifying that the master auth.enabled key was active. Consequently, operators who configured credentials but omitted the master auth.enabled switch had their configurations validated successfully while the application remained completely unprotected.

Code Patch Analysis

The vulnerability was patched in version v0.2.2 by introducing a robust fail-closed validation routine. A new helper function, _missing_enforced_auth, was added to determine whether a configuration enforces authentication at runtime.

def _missing_enforced_auth(host: str, auth: AuthConfig) -> bool:
    """Return True when binding host would NOT actually enforce authentication."""
    if host in _LOOPBACK_HOSTS:
        return False
    return not (auth.enabled and (auth.password_required or auth.reverse_proxy.enabled))

The configuration validator _loopback_or_authed was updated to utilize this helper. When a non-loopback host is bound and _missing_enforced_auth evaluates to true, the validator raises a ValueError unless the operator has explicitly configured allow_unauthenticated_network to bypass the security check.

a = self.auth
if _missing_enforced_auth(self.host, a) and not a.allow_unauthenticated_network:
    raise ValueError(
        f"refusing non-loopback host={self.host!r} without enforced auth. Set "
        "auth.enabled: true together with auth.password_required ..."
    )

The update also modified administrative diagnostics in src/clauster/ops.py to use the same logic, preventing situations where the setup validator and runtime diagnostics disagree on configuration safety.

Exploitation Methodology

An attacker with network access to the exposed Clauster port can verify the vulnerability by making a direct request to the /api/instances endpoint. Since the authentication guard evaluates auth.enabled as false, it does not prompt for user credentials.

A vulnerable instance returns an HTTP 200 OK status code and a JSON response detailing active projects. A secured instance returns an HTTP 401 Unauthorized status code or is unable to boot due to validation failures.

Once administrative endpoint access is established, the attacker can use the exposed API to list directory structures, view workspace logs, and spawn a Claude Code remote-control bridge. Because the Claude Code process runs commands in the context of the configured directories, the attacker achieves arbitrary command execution.

Impact Assessment

The security impact of this vulnerability is critical, leading to unauthorized code execution with the privileges of the process running Clauster. Successful exploitation yields complete control over the underlying environment and projects managed by the application.

Attackers can access sensitive environment variables, retrieve stored database credentials, manipulate project source code, and compromise the integrity of host files. Because the managed application integrates directly with Claude Code bridges, control over the dashboard acts as a gateway for local shell execution.

This vulnerability has been evaluated with a CVSS v4.0 score of 8.7, reflecting High impact on confidentiality, integrity, and availability. The threat model is highly applicable to deployments utilizing Docker containers, which often bind to 0.0.0.0 by default to handle inter-container network traffic.

Hardening and Mitigation

The recommended remediation is to upgrade the Clauster installation to version v0.2.2 or higher. The updated configuration validator ensures the application will fail to launch if an insecure non-loopback binding is detected.

If upgrading is not immediately possible, operators must verify that auth.enabled is explicitly set to true inside clauster.yml. The configuration must combine this setting with valid credentials, as shown below:

# Secure configuration snippet
host: 0.0.0.0
port: 7621
auth:
  enabled: true
  password_required: true
  password_hash: "$argon2id$v=19$m=65536,t=3,p=4$..."

Additionally, restricting the application binding to loopback (127.0.0.1) minimizes the attack surface. For containerized deployments, mapping ports specifically to loopback addresses prevents external network exposure even if the internal container process binds to wildcard interfaces.

Official Patches

schubydooVulnerability patch and version comparison diff

Fix Analysis (1)

Technical Appendix

CVSS Score
8.7/ 10
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Systems

Clauster

Affected Versions Detail

Product
Affected Versions
Fixed Version
Clauster
schubydoo
<= 0.2.1v0.2.2
AttributeDetail
CWE IDCWE-306
Attack VectorAdjacent Network
CVSS v4 Score8.7
Exploit StatusPoC Available
ImpactRemote Code Execution (RCE)
Affected ComponentConfiguration Validator & Auth Guard

MITRE ATT&CK Mapping

T1190Exploit Public-Facing Application
Initial Access
T1059Command and Scripting Interpreter
Execution
T1556Modify Authentication Process
Credential Access
CWE-306
Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a proven identity.

Vulnerability Timeline

Vulnerability Disclosed and Patched in v0.2.2
2026-06-03

References & Sources

  • [1]GHSA-H4G2-XFMW-Q2C9 on GitHub Advisory Database
  • [2]Clauster Repository Security Advisory

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•9 minutes ago•GHSA-G5R6-GV6M-F5JV
7.7

GHSA-G5R6-GV6M-F5JV: Arbitrary File Read and Exfiltration in mcp-atlassian via Missing Path Validation

A directory traversal vulnerability exists in the mcp-atlassian integration server prior to version 0.22.0. The confluence_upload_attachment tool fails to restrict the paths of uploaded files, allowing authenticated users or external prompt injection payloads to retrieve and exfiltrate arbitrary files from the server's filesystem into Confluence.

Amit Schendel
Amit Schendel
0 views•7 min read
•39 minutes ago•CVE-2026-54158
9.9

CVE-2026-54158: Stored Cross-Site Scripting to Host Remote Code Execution in SiYuan

A critical-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the SiYuan personal knowledge management system. Due to missing sanitization in the attribute-view cell renderer and an insecure Electron default configuration (nodeIntegration: true), attackers can execute arbitrary commands on the victim's host operating system through synchronized workspaces.

Alon Barad
Alon Barad
3 views•5 min read
•about 1 hour ago•CVE-2026-50551
9.9

CVE-2026-50551: Stored Cross-Site Scripting to Remote Code Execution via Attribute View Asset Cell Renderer in SiYuan

A critical-severity stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan's Attribute View database asset cell renderer. This flaw allows low-privilege authenticated users to execute arbitrary JavaScript in the application frontend. In Electron-based desktop clients, this execution context can be leveraged to execute arbitrary native operating system commands, resulting in complete system compromise.

Amit Schendel
Amit Schendel
5 views•6 min read
•about 3 hours ago•GHSA-G936-7JQJ-MWV8
8.3

GHSA-g936-7jqj-mwv8: Administrative Token Leakage and Privilege Escalation in TSDProxy

An authentication bypass and token leakage vulnerability exists in TSDProxy before version 1.4.4. The application unconditionally forwards its internal administrative token to all proxied backend services when identity headers are enabled. Attackers with control over an upstream backend can capture this token and replay it to the local management API to achieve full administrative control over the proxy engine.

Alon Barad
Alon Barad
6 views•7 min read
•about 5 hours ago•CVE-2026-54070
7.1

CVE-2026-54070: Stored Cross-Site Scripting via Modern HTML5 Event Handler Bypass in SiYuan Bazaar

A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan prior to version 3.7.0. The vulnerability is located within the server-side Markdown-to-HTML parsing component for the Bazaar marketplace packages. Due to an incomplete event-handler attribute blocklist in the lute parsing engine and a lack of client-side DOM sanitization, malicious package authors can bypass restrictions using modern HTML5 event handlers. When an authenticated administrator views a malicious package, the embedded JavaScript runs in the administrator origin, allowing unauthorized workspace access, local file reading, and remote API execution.

Alon Barad
Alon Barad
5 views•5 min read
•about 6 hours ago•GHSA-489G-7RXV-6C8Q
8.2

CVE-2026-27826: DNS Rebinding TOCTOU Bypass in mcp-atlassian Server

A DNS-rebinding Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mcp-atlassian server before version 0.17.0. The server processes unauthenticated client-supplied URLs via custom headers, validating the destination IP but failing to pin the resolved address before connecting. This allows remote adjacent-network attackers to achieve Server-Side Request Forgery (SSRF) and access restricted resources or cloud metadata services.

Amit Schendel
Amit Schendel
4 views•5 min read