critical
suspicious.env_credential_access
- Location
- dist/index.js:645
- Finding
- Environment variable access combined with network send.
- Evidence
const cfg = resolveConfig(process.env);
LibreNMS
AdvisoryAudited by Static analysis on May 17, 2026.
Overview
Detected: suspicious.env_credential_access, suspicious.insecure_tls_verification
Findings (4)
critical
suspicious.env_credential_access
- Location
- dist/mcp-server.js:623
- Finding
- Environment variable access combined with network send.
- Evidence
var cfg = resolveConfig(process.env);
warn
suspicious.insecure_tls_verification
- Location
- dist/index.js:50
- Finding
- HTTPS certificate verification is disabled.
- Evidence
this.dispatcher = new UndiciAgent({ connect: { rejectUnauthorized: false } });
warn
suspicious.insecure_tls_verification
- Location
- dist/mcp-server.js:52
- Finding
- HTTPS certificate verification is disabled.
- Evidence
this.dispatcher = new UndiciAgent({ connect: { rejectUnauthorized: false } });