GHSA-fp6w-8wpg-74g5: stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback

May 29, 2026

Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node to a non-loopback URL.

References

github.com/advisories/GHSA-fp6w-8wpg-74g5
github.com/eidetic-labs/stigmem/blob/v0.9.0a2/CHANGELOG.md
github.com/eidetic-labs/stigmem/blob/v0.9.0a2/SECURITY.md
github.com/eidetic-labs/stigmem/releases/tag/v0.9.0a2
github.com/eidetic-labs/stigmem/security/advisories/GHSA-fp6w-8wpg-74g5

Code Behaviors & Features

Detect and mitigate GHSA-fp6w-8wpg-74g5 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →