mcp-pinot-server v3.0.1 and earlier: Unauthenticated HTTP MCP server bound to 0.0.0.0:8080
What changed
mcp-pinot v3.0.1 and earlier default to running an HTTP MCP server bound to 0.0.0.0:8080 with no authentication (oauth_enabled=False). All 14 MCP tools are reachable by any network-adjacent caller, who gains unauthenticated read/write access to the configured Pinot cluster through the server's own credentials (a confused-deputy condition). v3.1.0 fixes this by changing the default bind to 127.0.0.1, refusing non-loopback exposure unless OAuth is enabled, making Helm exposure opt-in and OAuth-gated, and adding parser-backed, single-statement, read-only validation for read-query.
Who it affects
All users of mcp-pinot v2.1.0 through v3.0.1 who expose the server on a network (default bind 0.0.0.0:8080) without enabling OAuth. Any network-adjacent attacker can execute arbitrary SQL queries, create/update schemas and table configs, and read cluster metadata using the server's Pinot credentials.
What to do today
Upgrade to v3.1.0 immediately. If upgrade is not possible, set MCP_HOST=127.0.0.1 to restrict bind to loopback and ensure the server is not exposed to untrusted networks without OAuth enabled.
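To audit deployments that cannot be upgraded yet, the sketch below applies the rule described above (non-loopback bind is acceptable only when OAuth is enabled) to a deployment's environment. It is an added example, not mcp-pinot's own code: the function names are hypothetical, and the OAuth state is passed in as a boolean because this advisory does not name the setting's environment variable.

```python
import ipaddress

AFFECTED_DEFAULT_HOST = "0.0.0.0"  # default bind in v3.0.1 and earlier, per the advisory


def is_loopback_bind(host: str) -> bool:
    """True only when the bind address is reachable from the local machine alone."""
    h = host.strip().strip("[]").lower()
    if h == "localhost":
        return True
    try:
        return ipaddress.ip_address(h).is_loopback  # 127.0.0.0/8 and ::1
    except ValueError:
        # Empty value or an arbitrary hostname: not provably loopback,
        # so treat it as network-reachable.
        return False


def audit_bind(env: dict, oauth_enabled: bool) -> str:
    """Classify one deployment from its environment and OAuth setting."""
    host = env.get("MCP_HOST", AFFECTED_DEFAULT_HOST)
    if is_loopback_bind(host):
        return "ok: loopback only"
    if oauth_enabled:
        return "ok: network-exposed, OAuth required"
    return "UNSAFE: network-exposed without OAuth"


# Constructed sample deployments (not real hosts).
SAMPLES = [
    ("unset host, no OAuth", {}, False),
    ("workaround applied", {"MCP_HOST": "127.0.0.1"}, False),
    ("IPv6 wildcard, no OAuth", {"MCP_HOST": "::"}, False),
    ("all interfaces, OAuth on", {"MCP_HOST": "0.0.0.0"}, True),
    ("pod hostname, no OAuth", {"MCP_HOST": "pinot-mcp.internal"}, False),
]

if __name__ == "__main__":
    for label, env, oauth in SAMPLES:
        print(f"{label:28} -> {audit_bind(env, oauth)}")
```

A loopback result only describes the process's own bind address; a reverse proxy, port-forward or Kubernetes Service in front of it can still expose the port and has to be checked separately.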