
Java CVE-2026-35568 | EUVD-2026-19954 | HIGH
Origin Validation Error (CWE-346)
2026-04-07 · https://github.com/modelcontextprotocol/java-sdk · GHSA-8jxr-pr72-r468
CVSS 4.0 score: 7.6

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Passive (P)
  • Scope: X (not defined; CVSS 4.0 has no Scope metric)

Lifecycle Timeline (4 events)

  • Patch released (patch available): Apr 08, 2026 - 02:30, source nvd
  • EUVD ID assigned: Apr 07, 2026 - 20:16, source euvd (EUVD-2026-19954)
  • Analysis generated: Apr 07, 2026 - 20:16, source vuln.today
  • CVE published: Apr 07, 2026 - 20:13, source nvd (severity HIGH 7.6)

Blast Radius (ecosystem impact)

  • 31 maven packages depend on io.modelcontextprotocol.sdk:mcp-core (11 direct, 20 indirect; transitive graph resolved by vuln.today to a depth of 4)

Ecosystem-wide dependent count for version 1.0.0.

Description (NVD)

Summary

The java-sdk contains a DNS rebinding vulnerability. It allows an attacker to reach a local or network-private java-sdk MCP server through a victim's browser that is either on the same host as the server or on an adjacent network.

This lets the attacker make any tool call to the server as if they were a locally running, MCP-connected AI agent.

Details

Prior to 1.0.0, no Origin header validation was performed, in violation of the MCP specification (Base Protocol > Transports, 2.0.1 Security Warning):

> 1: Servers MUST validate the Origin header on all incoming connections to prevent DNS rebinding attacks.

When the web server serving HTTP traffic to the MCP server does not perform standard CORS checks, a DNS rebinding attack is possible.

Some default server configurations and frameworks come with embedded Origin header validation. MCP servers built using those are not vulnerable to this issue. For example, the following are NOT vulnerable:

  • Spring AI

Impact

Any developer connecting to a malicious website can inadvertently allow an attacker to make tool calls to local or private-network MCP servers.

Workarounds

Users can mitigate this risk by:

  1. Running the MCP server behind a reverse proxy (like Nginx or HAProxy) configured to strictly validate the Host and Origin headers.
  2. Using a framework that inherently enforces strict CORS and Origin validation (such as Spring AI).
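The Host and Origin check that workaround 1 delegates to a reverse proxy can also live in the server itself. The following is an added example, not code from the java-sdk or Spring AI; the class name, the port and the two allow-lists are assumptions about a server bound only to localhost:8080.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added example, not code from the MCP Java SDK. After rebinding, the attacker's page and the
// MCP endpoint share an origin in the browser, so CORS never triggers; the Host header (and
// the Origin header on POST) still name the attacker's domain, which is what this check catches.
public final class McpOriginCheck {
    // Assumed deployment: the server is only ever addressed as localhost:8080 or 127.0.0.1:8080.
    private static final Set<String> ALLOWED_HOSTS = Set.of("localhost:8080", "127.0.0.1:8080");
    private static final Set<String> ALLOWED_ORIGINS = Set.of("http://localhost:8080", "http://127.0.0.1:8080");

    /** Canonical form of an Origin value: lower-case scheme://host, default ports dropped; null if unparseable. */
    static String canonicalOrigin(String origin) {
        try {
            URI u = new URI(origin.trim());
            String scheme = u.getScheme();
            String host = u.getHost();
            if (scheme == null || host == null) return null; // also rejects the literal "null" origin
            scheme = scheme.toLowerCase(Locale.ROOT);
            int port = u.getPort();
            boolean defaultPort = port == -1
                    || ("http".equals(scheme) && port == 80)
                    || ("https".equals(scheme) && port == 443);
            return scheme + "://" + host.toLowerCase(Locale.ROOT) + (defaultPort ? "" : ":" + port);
        } catch (URISyntaxException e) {
            return null;
        }
    }

    /**
     * Accept only when Host names this server and, if an Origin is present, it is allow-listed.
     * A missing Origin is accepted because non-browser MCP clients (a local agent) send none and
     * browsers omit it on same-origin GET; the Host check still rejects a rebound page in that case.
     */
    static boolean isAllowed(String hostHeader, String originHeader) {
        if (hostHeader == null || !ALLOWED_HOSTS.contains(hostHeader.trim().toLowerCase(Locale.ROOT))) return false;
        if (originHeader == null) return true;
        String o = canonicalOrigin(originHeader);
        return o != null && ALLOWED_ORIGINS.contains(o);
    }

    public static void main(String[] args) {
        // Constructed header pairs: a local agent, a browser client on the real origin, a rebound attacker page.
        System.out.println("agent:   " + isAllowed("localhost:8080", null));
        System.out.println("browser: " + isAllowed("127.0.0.1:8080", "http://127.0.0.1:8080"));
        System.out.println("rebound: " + isAllowed("rebind.attacker.example:8080", "http://rebind.attacker.example:8080"));
    }
}
```

Run with `java McpOriginCheck.java` (JDK 11 or later); the check belongs in front of every MCP endpoint, including the SSE GET stream, not only the POST handler.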

Analysis (AI)

DNS rebinding in Model Context Protocol (MCP) Java SDK before v1.0.0 enables remote attackers to invoke arbitrary tool calls on local or network-private MCP servers via a victim's browser. The SDK failed to validate Origin headers per MCP specification requirements, violating mandatory server-side protections against cross-origin attacks. …


Remediation (AI)

Within 24 hours: Inventory all applications and services using MCP Java SDK and identify current versions deployed. Within 7 days: Upgrade MCP Java SDK to version v1.0.0 or later across all affected systems. …



CVE-2026-35568 vulnerability details – vuln.today
