PyPI ogham-mcp, Credential Leak, (No CVE) (Medium)

How the mentioned vulnerability works (technical details):

The ogham-mcp PyPI package inadvertently included hardcoded development credentials in its source distributions (sdists) across 22 releases between February 2026 and April 24, 2026.

In the top-level Makefile, three environment variables (`NEON_US`, `NEON_EU`, `NEON_AP`) stored PostgreSQL connection URLs containing plaintext passwords for Neon development databases. These were exposed in all sdists from v0.6.5 up to (but not including) v0.11.0.

Separately, a test fixture in `tests/test_hooks.py`, in the function `test_mask_secrets_key_value`, contained a real Voyage AI API key (prefix “pa-…”) used to validate a redaction routine. This key was embedded in sdists from v0.6.3 through v0.11.0 (v0.11.1 finally removed it).

Because PyPI sdists are downloadable archives containing the full source tree, any developer or CI system that inspected or installed these packages could extract the credentials from the unpacked sdist files. The Neon URLs pointed to live development databases, enabling potential unauthorized database access, queries, or data manipulation. The Voyage key allowed API calls to Voyage AI’s embedding endpoints subject to rate limits. No runtime environment variable injection or configuration file reading was involved: the credentials were static strings inside the distributed source. Attackers only needed to download the sdist from PyPI (e.g., `pip download ogham-mcp==0.10.4 --no-binary :all:`), extract it, and grep for `NEON_US`, `NEON_EU`, `NEON_AP` or the Voyage key pattern.

The maintainers rotated all credentials on Neon and Voyage after discovery, yanked affected versions (v0.3.0 through v0.10.4) from PyPI, and added pre-upload scanning (`make publish-check`) and sdist inclusion/exclusion rules in `pyproject.toml` to prevent future leaks.

dailycve form:

Platform: PyPI package
Version: >=0.6.3 <0.11.1
Vulnerability: Hardcoded credentials
Severity: Medium
Date: 2026-04-24

Prediction: 2026-04-24 (v0.11.1)

What Undercode Say:

```bash
# Check if installed package version is vulnerable
pip show ogham-mcp | grep Version

# Download vulnerable sdist to inspect credentials (example)
pip download ogham-mcp==0.10.4 --no-binary :all: --no-deps
tar -xzf ogham-mcp-0.10.4.tar.gz
# -E enables alternation; without it grep treats "|" as a literal character
grep -rE "NEON_US|NEON_EU|NEON_AP|pa-" ogham-mcp-0.10.4/

# Verify clean release v0.11.1
pip download ogham-mcp==0.11.1 --no-binary :all: --no-deps
tar -xzf ogham-mcp-0.11.1.tar.gz
grep -rE "NEON_US|NEON_EU|NEON_AP|pa-" ogham-mcp-0.11.1/ || echo "No credentials found"
```

Exploit:

Extract affected sdist, locate Makefile for Neon URLs, or open `tests/test_hooks.py` for Voyage key. Use the PostgreSQL URL to connect to Neon development database (e.g., psql $NEON_US). Use Voyage API key in HTTP requests: curl -X POST https://api.voyageai.com/v1/embeddings -H "Authorization: Bearer pa-..." -H "Content-Type: application/json" -d '{"input": "test"}'.

Protection from this CVE:

Upgrade to ogham-mcp v0.11.1 immediately (`pip install --upgrade ogham-mcp`). If you cannot upgrade, audit any existing sdist downloads or installed packages for credentials and rotate any potentially leaked secrets. After upgrading, ensure `pyproject.toml` excludes sensitive directories (benchmarks/, docs/, research/, extras/, /.env) and run `make publish-check` before publishing.
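
A pre-upload sdist check in the spirit of the `make publish-check` step mentioned above, as an added example; it is not the ogham-mcp project's own code. The two rules, the helper `build_sample_sdist` and all sample file contents are assumptions constructed for illustration. It reads the archive in memory and reports only file, line and rule, so the secret itself never lands in CI logs.

```python
import io
import re
import tarfile

RULES = {
    # Assumed rule: postgres URL with an inline password; "$VAR" / "$(VAR)" references pass.
    "postgres-url-password": re.compile(rb"postgres(?:ql)?://[^\s:/@]+:(?!\$)[^\s@]+@"),
    # Assumed rule: "pa-" prefix from the advisory; the 20+ character tail is a guess.
    "pa-prefixed-key": re.compile(rb"\bpa-[A-Za-z0-9_-]{20,}"),
}

def scan_sdist(fileobj):
    """Return (member, line number, rule) for each hit; never the matched secret."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in (m for m in tar if m.isfile()):
            data = tar.extractfile(member).read()  # in memory, nothing unpacked to disk
            for lineno, line in enumerate(data.splitlines(), 1):
                for rule, rx in RULES.items():
                    if rx.search(line):
                        findings.append((member.name, lineno, rule))
    return findings

def build_sample_sdist(files):
    """Build a constructed in-memory .tar.gz from {path: text} for the demo."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

# Constructed sample trees; none of these values are real credentials.
LEAKY = {
    "sample-0.0.0/Makefile": "all:\n\techo ok\nNEON_US = postgresql://dev:CONSTRUCTED_PW@db.example.invalid/app\n",
    "sample-0.0.0/tests/test_hooks.py": 'KEY = "pa-CONSTRUCTEDFAKEKEY0000000000"\n',
}
CLEAN = {
    "sample-0.0.0/Makefile": "NEON_US = postgresql://dev:$(NEON_PASSWORD)@db.example.invalid/app\n",
    "sample-0.0.0/tests/test_hooks.py": 'KEY = "pa-" + "x" * 4  # synthetic fixture\n',
}

if __name__ == "__main__":
    hits = scan_sdist(build_sample_sdist(LEAKY))
    print(*(f"{name}:{lineno}: {rule}" for name, lineno, rule in hits), sep="\n")
    raise SystemExit(1 if hits else 0)  # non-zero exit blocks the upload step
```

To gate a real release, pass the built archive as `scan_sdist(open(path, "rb"))` and fail the publish job on any finding.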

Impact:

Primary risk: unauthorized access to Neon development databases (US, EU, AP regions) leading to data exposure or manipulation; unauthorized use of Voyage AI API key (rate-limited, but could exhaust quota or be used for reconnaissance). No known exploitation observed. All credentials rotated. Affected versions yanked from PyPI.

Sources:

Reported By: github.com