[ ⌘K ]
← BACK TO SEARCH

DavideArena/bring-mcp-server

high

No description

MCP server (purpose undetermined)

purpose: MCP server (purpose undetermined)threat: network exposed
TypeScript0May 20, 2026May 20, 2026GITHUB
Vulnerability Analysis[ 3 findings in 3 blocks ]
5/20/2026
high1 finding
src/config.ts
12const envPath = process.env.TEST_CI === 'true' ? '/../.env.ci' : '/../.env';
13export const config = envSchema<ConfigType>({
14  schema: ConfigSchema,
15  dotenv: {
16    path: __dirname + envPath,
17  },
18});
src/index.ts:1src/config.ts:1

// Exploitable if an attacker gains file read access to the server, which is more likely when the MCP is network-exposed.

The configuration loads credentials (BRING_EMAIL, BRING_PASSWORD, BRING_API_KEY) from a .env file in plaintext. While this is a common pattern, it means credentials are stored unencrypted on disk, and if the MCP server is exposed to an untrusted network, an attacker could read the .env file if they gain file access.

ImpactAn attacker with file system access (e.g., via path traversal or other vulnerability) could read the .env file and obtain Bring API credentials, allowing them to impersonate the user and access/modify their shopping lists.

FixUse a secrets manager or encrypted environment variable storage. Ensure .env files are not committed to version control and have restricted file permissions.

medium1 finding
src/handlers.ts
163if (item) {
164  await bringClient.removeItemFromList(listId, item);
165  return { ... };
166}
167
168const items = await bringClient.getItems(listId);
169for (const entry of items.purchase) {
170  await bringClient.removeItemFromList(listId, entry.name);
171}
172return { content: [{ type: 'text', text: `All items removed from list '${list.name}'.` }] };
src/index.ts:1src/handlers.ts:1src/tool.ts:1

// Exploitable if the LLM is compromised (e.g., via prompt injection) and the user has authorized the tool.

The remove-item-or-all-from-bring-list tool allows removing all items from a list in one operation. While this is a documented feature, it is a destructive action that could be abused by a compromised LLM to clear a user's shopping list without per-item confirmation.

ImpactA compromised LLM could delete all items from a Bring shopping list, causing data loss and inconvenience.

FixConsider requiring explicit confirmation for bulk removal, or limiting the tool to remove only one item at a time.

medium1 finding
src/handlers.ts
84const { listId } = validateToolArgsParameters<
85  typeof GetBringListItemsParamsSchema
86>(getBringListItemsTool, parameters);
src/index.ts:1src/handlers.ts:1src/tool.ts:1

// Exploitable if the Bring API does not properly enforce authorization on listId, or if an attacker can guess/brute-force list UUIDs.

The listId parameter is only validated as a string via TypeBox schema. There is no validation that the listId belongs to the authenticated user or is a valid UUID format. An attacker could provide arbitrary listId values, potentially enumerating or accessing lists belonging to other users if the Bring API does not enforce authorization.

ImpactAn attacker could attempt to access or modify Bring shopping lists that do not belong to the authenticated user, leading to unauthorized data access or modification.

FixValidate that the listId corresponds to a list owned by the authenticated user before performing operations. Use UUID format validation and check against the user's list of lists.

Heuristic Signals
env.exposure

Risk Score

55
LLM-based
high findings+25
medium findings+30