From a3f015758096fcda0461c2d758c73f8bd7405844 Mon Sep 17 00:00:00 2001
From: barrett-opal
Date: Tue, 23 Sep 2025 10:40:23 -0700
Subject: [PATCH] Update impl.ts to remove outside access to server

See issue here: https://www.backslash.security/blog/hundreds-of-mcp-servers-vulnerable-to-abuse 0.0.0.0 is overly permissive, should be localhost 127.0.0.1
---
 src/mcp-server/cli/start/impl.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mcp-server/cli/start/impl.ts b/src/mcp-server/cli/start/impl.ts
index 51899c7..5767990 100644
--- a/src/mcp-server/cli/start/impl.ts
+++ b/src/mcp-server/cli/start/impl.ts
@@ -96,7 +96,7 @@ async function startSSE(flags: StartCommandFlags) {
 await transport.handlePostMessage(req, res);
 });

- const httpServer = app.listen(flags.port, "0.0.0.0", () => {
+ const httpServer = app.listen(flags.port, "127.0.0.1", () => {
 const ha = httpServer.address();
 const host = typeof ha === "string" ? ha : `${ha?.address}:${ha?.port}`;
 logger.info("MCP HTTP server started", { host });
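Review bot: Nothing visible in this hunk validates the `Host` or `Origin` header before `transport.handlePostMessage(req, res)` runs, so the loopback listener on the changed `app.listen(flags.port, "127.0.0.1", …)` line may still be reachable from a browser on the same machine through DNS rebinding. startSSE's body starts and ends outside the hunk, so such a check may already exist; if it does not, a guard registered before the routes that answers 403 unless `Host` is `127.0.0.1:<port>` or `localhost:<port>` would close that gap. The hard-coded literal also makes the server IPv4-only and leaves no supported way to bind another interface (for example inside a container), which invites people to patch the string back to `0.0.0.0`; a new host option that defaults to loopback would be safer than a constant. Whichever form is kept, the line deserves a comment such as `// Loopback only: widening this bind exposes the MCP endpoints to the network; add authentication first.`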