CVE-2026-34742
HIGHSeverity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (https://github.com/modelcontextprotocol/go-sdk).
CVSS VectorVendor: https://github.com/modelcontextprotocol/go-sdk
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
The Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or SSEHandler, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances.
Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport.
Servers created via StreamableHTTPHandler or SSEHandler now have this protection enabled by default when binding to localhost. Users are advised to update to version 1.4.0 to receive this automatic protection.
AnalysisAI
DNS rebinding attacks can bypass same-origin policy in Model Context Protocol (MCP) Go SDK versions prior to 1.4.0, enabling malicious websites to send unauthorized requests to localhost HTTP servers. Affects servers using StreamableHTTPHandler or SSEHandler when run without authentication on localhost. No public exploit identified at time of analysis, though the attack technique (DNS rebinding) is well-documented. CVSS scoring unavailable, but real-world risk is constrained to non-recommended configurations lacking authentication.
Technical ContextAI
The Model Context Protocol (MCP) Go SDK (pkg:go/github.com_modelcontextprotocol_go-sdk) implements server handlers for HTTP-based communication between clients and MCP servers. DNS rebinding is a browser-based attack (CWE-1188: Insecure Default Initialization of Resource) where an attacker-controlled domain resolves to 127.0.0.1 after initial DNS lookup, tricking the browser's same-origin policy into treating localhost services as same-origin with the attacker's site. The vulnerable StreamableHTTPHandler and SSEHandler components failed to implement rebinding protections (such as Host header validation) by default, allowing cross-origin requests from malicious websites to localhost MCP servers. This specifically affects HTTP transport configurations; stdio transport-based servers communicate via standard input/output rather than network sockets and are not susceptible to this attack vector. The Go SDK now implements Host header validation and other rebinding countermeasures automatically for localhost bindings in version 1.4.0.
RemediationAI
Upgrade to Model Context Protocol Go SDK version 1.4.0 or later, which enables DNS rebinding protection automatically for HTTP servers bound to localhost. Update Go module dependencies using 'go get github.com/modelcontextprotocol/go-sdk@v1.4.0' and rebuild affected applications. No code changes are required-protection activates automatically upon upgrade for StreamableHTTPHandler and SSEHandler instances. As a defense-in-depth measure, implement authentication on all HTTP-based MCP servers regardless of version, following MCP security best practices documented by the vendor. Consider migrating localhost MCP servers to stdio transport where architecturally feasible, as this transport method is immune to DNS rebinding attacks. If upgrading is not immediately possible, implement custom Host header validation to reject requests with unexpected Host values, or restrict HTTP server binding to loopback interfaces with firewall rules preventing external access. Reference the vendor advisory at https://github.com/modelcontextprotocol/go-sdk/security/advisories/GHSA-xw59-hvm2-8pj6 for additional security guidance.
Same technique Authentication Bypass
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-xw59-hvm2-8pj6