Skip to content

sec(slm): browser MCP endpoints missing authentication (navigate, screenshot) #3451

Closed
#3460
Closed
sec(slm): browser MCP endpoints missing authentication (navigate, screenshot)#3451
#3460
Labels
P2-mediumbackendbugSomething isn't working
@mrveiss

Description

@mrveiss
mrveiss
opened on Apr 4, 2026

Problem

`autobot-slm-backend/api/browser.py` exposes three unauthenticated endpoints:

  • `GET /browser/mcp/status`
  • `POST /browser/mcp/navigate` — navigates the server's browser to any URL
  • `POST /browser/mcp/screenshot` — captures and returns a screenshot

No `get_current_user` or `require_admin` dependency is present on the router
or any individual route. An unauthenticated caller can:

  1. Navigate the server browser to arbitrary URLs (SSRF vector)
  2. Retrieve screenshots of whatever the browser currently shows

Fix

Add router-level auth:
```python
from services.auth import get_current_user
router = APIRouter(
prefix="/browser/mcp",
tags=["browser"],
dependencies=[Depends(get_current_user)],
)
```

`/status` may remain unauthenticated if needed for health checks, but
`/navigate` and `/screenshot` must require authentication.

Discovery

Found during auth coverage audit triggered by PR #3438 (#3423 fix).

Metadata

Metadata

Assignees

No one assigned

    Labels

    P2-mediumbackendbugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions