
xbgmsharp/postgsail-mcp-server

Severity: high

Model Context Protocol (MCP) server for PostgSail

This MCP server provides AI agents with read-only access to PostgSail marine data systems, enabling them to search and navigate logs, moorages, stays,...

purpose: This MCP server provides AI agents with read-only
threat: network exposed

Language: TypeScript | 2 | May 19, 2026 | May 20, 2026 | GITHUB
Tags: mcp-server, postgsail
Scanned: 5/20/2026

Severity high: 2 findings
Finding 1 (high) - src/index.ts, line 66:

66| // $ MCP_AUTO_OPEN_ENABLED=false HOST=0.0.0.0 DANGEROUSLY_OMIT_AUTH=true npx @modelcontextprotocol/inspector

Finding 2 (high) - src/index.ts, lines 22-24:

22| const POSTGSAIL_API_URL =
23|   process.env.POSTGSAIL_API_URL || "http://localhost:3000/";
24| const PORT = process.env.PORT || 3001;

// Network-exposed MCP server; exploitable if attacker can set environment variables or if the server is misconfigured.

The POSTGSAIL_API_URL is taken directly from an environment variable without validation. An attacker who can control this environment variable can point the server to any URL, causing the MCP server to make requests to arbitrary internal or external hosts (SSRF).

Impact: An attacker could use the MCP server as a proxy to scan internal networks, access cloud metadata endpoints (e.g., AWS 169.254.169.254), or exfiltrate data to external servers.

Fix: Validate that POSTGSAIL_API_URL matches an expected pattern (e.g., a specific domain or IP range). Use a whitelist of allowed API endpoints.

Categories: shell.exec, postgres.access, env.exposure, auth.none, network.http
65
LLM-based