Improper Restriction of Communication Channel to Intended Endpoints Affecting @grackle-ai/mcp package, versions <0.70.2


Severity: high (CVSS assessment by Snyk's Security Team)

  • Snyk ID: SNYK-JS-GRACKLEAIMCP-15874101
  • Published: 2 Apr 2026
  • Disclosed: 25 Mar 2026
  • Credit: Unknown

Introduced: 25 Mar 2026

CVE: not available. CWE: CWE-923

How to fix?

Upgrade @grackle-ai/mcp to version 0.70.2 or higher.

Overview

@grackle-ai/mcp is an MCP (Model Context Protocol) server for Grackle that translates MCP tool calls to ConnectRPC.

Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints in the knowledge_search and knowledge_get_node MCP tools, which do not enforce workspace scoping. An attacker can access knowledge graph data from unauthorized workspaces by supplying arbitrary workspaceId parameters. This is only exploitable if scoped agent tokens are used in multi-workspace deployments.

Workaround

This vulnerability can be mitigated by not using scoped agent tokens in multi-workspace deployments or by removing knowledge_search and knowledge_get_node from the SCOPED_TOOLS set in tool-scoping.ts.
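The missing check that the overview and workaround describe, shown as an added illustration rather than @grackle-ai/mcp's own code: a scoped agent token bound to a set of workspaces, a dispatcher that validates the caller-supplied workspaceId against that set before any tool in SCOPED_TOOLS touches the knowledge graph, and, for contrast, the unscoped handler shape that trusts the argument outright. Only the tool names knowledge_search and knowledge_get_node and the SCOPED_TOOLS name come from the advisory; the token layout, the argument shapes, enforceWorkspaceScope, dispatchTool, and the in-memory store are assumptions.

```typescript
// Added illustration of workspace-scope enforcement for MCP tools. Not
// @grackle-ai/mcp's code: the token shape, enforceWorkspaceScope, dispatchTool
// and the in-memory store are assumptions; only the tool names and the
// SCOPED_TOOLS name are taken from the advisory.

// A scoped agent token, bound to the workspaces it may read (constructed shape).
interface ScopedToken {
  subject: string;
  workspaceIds: ReadonlyArray<string>;
}

// Tools whose workspaceId argument must be checked against the caller's token.
const SCOPED_TOOLS: ReadonlyArray<string> = ["knowledge_search", "knowledge_get_node"];

// Raised when a request names a workspace outside the token's scope.
class WorkspaceScopeError extends Error {
  constructor(message: string) {
    super(message);
    this.name = "WorkspaceScopeError";
  }
}

// Constructed knowledge-graph rows standing in for the ConnectRPC backend.
interface KnowledgeNode { id: string; workspaceId: string; text: string }
const STORE: KnowledgeNode[] = [
  { id: "n1", workspaceId: "ws-alpha", text: "alpha runbook" },
  { id: "n2", workspaceId: "ws-beta", text: "beta incident notes" },
];

// The check the advisory describes as missing: the requested workspaceId must
// be one the token is scoped to. Returns the validated id so handlers use the
// checked value rather than the raw argument.
function enforceWorkspaceScope(token: ScopedToken, requested: unknown): string {
  if (typeof requested !== "string" || requested.length === 0) {
    throw new WorkspaceScopeError("workspaceId must be a non-empty string");
  }
  if (token.workspaceIds.indexOf(requested) === -1) {
    throw new WorkspaceScopeError(`token ${token.subject} is not scoped to workspace ${requested}`);
  }
  return requested;
}

// Vulnerable shape: the caller-supplied workspaceId selects the data directly,
// so a token scoped to one workspace can read any other. Kept for contrast only.
function knowledgeSearchUnscoped(args: { workspaceId: string; query: string }): KnowledgeNode[] {
  return STORE.filter((n) => n.workspaceId === args.workspaceId && n.text.indexOf(args.query) !== -1);
}

// Hardened dispatcher: every tool in SCOPED_TOOLS passes through the scope
// check before the store is consulted, and the handlers only ever see the
// validated workspaceId.
function dispatchTool(token: ScopedToken, tool: string, args: Record<string, unknown>): KnowledgeNode[] {
  if (SCOPED_TOOLS.indexOf(tool) === -1) {
    throw new Error(`unknown tool: ${tool}`);
  }
  const workspaceId = enforceWorkspaceScope(token, args.workspaceId);
  switch (tool) {
    case "knowledge_search": {
      const query = typeof args.query === "string" ? args.query : "";
      return STORE.filter((n) => n.workspaceId === workspaceId && n.text.indexOf(query) !== -1);
    }
    case "knowledge_get_node":
      return STORE.filter((n) => n.workspaceId === workspaceId && n.id === args.nodeId);
    default:
      return [];
  }
}

// True when the dispatcher rejects a request with a WorkspaceScopeError.
function crossWorkspaceRequestRejected(token: ScopedToken, tool: string, args: Record<string, unknown>): boolean {
  try {
    dispatchTool(token, tool, args);
    return false;
  } catch (e) {
    return e instanceof Error && e.name === "WorkspaceScopeError";
  }
}

// Usage with a token scoped to ws-alpha only.
const alphaToken: ScopedToken = { subject: "agent-1", workspaceIds: ["ws-alpha"] };
console.log(knowledgeSearchUnscoped({ workspaceId: "ws-beta", query: "beta" }).length); // unscoped: ws-beta data returned
console.log(dispatchTool(alphaToken, "knowledge_search", { workspaceId: "ws-alpha", query: "alpha" }).length); // own workspace: allowed
console.log(crossWorkspaceRequestRejected(alphaToken, "knowledge_search", { workspaceId: "ws-beta", query: "beta" })); // other workspace: rejected
```

The point of returning the validated id from enforceWorkspaceScope is that a handler cannot accidentally fall back to the raw argument; removing a tool from SCOPED_TOOLS, as the workaround does, is the inverse trade-off, since the dispatcher then never checks that tool's workspaceId at all.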
