Skip to main content

Red Hat CVE-2026-33252

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-03-19 https://github.com/modelcontextprotocol/go-sdk GHSA-89xv-2j6f-qhc8
7.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
SUSE
HIGH
qualitative
Red Hat
7.1 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 19, 2026 - 17:00 vuln.today
Patch released
Mar 19, 2026 - 17:00 nvd
Patch available
CVE Published
Mar 19, 2026 - 16:42 nvd
HIGH 7.1

DescriptionGitHub Advisory

The Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary website to send MCP requests to a local server and potentially trigger tool execution.

Impact:

A malicious website may have been able to send cross-site POST requests with Content-Type: text/plain, which due to CORS-safelisted properties would reach the MCP message handling without any CORS preflight barrier.

Fix:

The SDK was modified to perform Content-Type header validation for POST requests and introduced a configurable protection for verifying the origin of the request in commit a433a83. Users are advised to update to v1.4.1 to use this additional protection.

Note: v1.4.1 requires Go 1.25 or later.

Credits:

Thank you to Lê Minh Quân for reporting the issue.

AnalysisAI

The Go SDK's Streamable HTTP transport fails to validate the Origin header and Content-Type on POST requests, allowing attackers to send cross-site requests that bypass CORS protections and trigger MCP tool execution on vulnerable servers without authorization. This affects deployments using stateless or sessionless configurations where an attacker can host a malicious website to send arbitrary MCP requests to a victim's local server. A patch is available that implements Content-Type validation and configurable origin verification.

Technical ContextAI

The vulnerability exists in the Model Context Protocol (MCP) Go SDK, specifically identified through CPE pkg:go/github.com_modelcontextprotocol_go-sdk, where the Streamable HTTP transport implementation fails to validate the Origin header for incoming POST requests and accepts requests with Content-Type: text/plain instead of requiring application/json. This is classified as CWE-352 (Cross-Site Request Forgery), a vulnerability class where web applications fail to verify that requests originate from authorized sources. The flaw is particularly critical in stateless or sessionless configurations where no additional authorization layer exists to prevent unauthorized access.

RemediationAI

Update the Model Context Protocol Go SDK to version 1.4.1 or later, which includes the security fix implemented in commit a433a83 (https://github.com/modelcontextprotocol/go-sdk/commit/a433a831d6e5d5ac3b9e625a8095aa8eaa040dfc). Note that version 1.4.1 requires Go 1.25 or later, so ensure your Go environment meets this requirement before upgrading. As an interim measure, implement proper authorization mechanisms for all MCP endpoints and consider restricting access to the MCP server through network-level controls or reverse proxy configurations that validate request origins.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
openSUSE Leap 15.5 Fixed

Share

CVE-2026-33252 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy