{"id":"CVE-2026-49471","summary":"Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE","details":"Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A DNS rebinding attack allows a malicious webpage to reach this API from any browser and write arbitrary content to the agent's persistent memory store, which the agent reads and acts on autonomously. Combined with execute_shell_command using shell=True, this creates a remote code execution chain requiring only that the victim visit a malicious webpage while Serena is running. This issue is fixed in version v1.5.2.","aliases":["GHSA-37h2-6p4f-mp3q"],"modified":"2026-07-11T03:54:03.548761105Z","published":"2026-07-07T20:50:50.545Z","database_specific":{"cwe_ids":["CWE-306","CWE-352"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/49xxx/CVE-2026-49471.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/oraios/serena/releases/tag/v1.5.2"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/49xxx/CVE-2026-49471.json"},{"type":"ADVISORY","url":"https://github.com/oraios/serena/security/advisories/GHSA-37h2-6p4f-mp3q"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-49471"},{"type":"FIX","url":"https://github.com/oraios/serena/commit/016ccbe1c095a3eed7967737ac1d4df2754f5d96"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/oraios/serena","events":[{"introduced":"0"},{"fixed":"016ccbe1c095a3eed7967737ac1d4df2754f5d96"},{"fixed":"2ee8f100b25c4d8c8c9b416c3175bb4be413a19c"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.5.2"}],"source":["AFFECTED_FIELD","REFERENCES"]}}],"versions":["v1.5.1","v1.5.0","v1.2.0","v1.1.2","v1.1.1","v1.1.0","v1.0.0","v0.1.4","v0.1.3","v0.1.2","v0.1.1","v0.1.0","2025-06-20","2025-05-21","2025-05-19","2025-04-01"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-49471.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}]}