{"uuid": "b204d980-1cad-4892-8e76-7f396531f37a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-49257", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116773238347097877", "content": "CVE-2026-49257: startreedata mcp-pinot <=3.0.1 has a CRITICAL auth bypass. MCP server exposes full read/write access to Pinot clusters on 0.0.0.0:8080. Upgrade to 3.1.0 ASAP. https://radar.offseq.com/threat/cve-2026-49257-cwe-306-missing-authentication-for--c0c28b77341e3a12 #OffSeq #Vulnerability #CVE202649257 #Infosec", "creation_timestamp": "2026-06-18T21:30:16.152288Z"}