The vulnerability CVE-2026-27896 affects the modelcontextprotocol Go SDK versions earlier than 1.3.1. The root cause is the reliance on Go's standard encoding/json.Unmarshal function for parsing JSON-RPC and MCP protocol messages. This function performs case-insensitive matching of JSON keys to struct field tags, meaning that a field tagged as json:"method" would also match keys like "Method" or "METHOD". However, the JSON-RPC 2.0 specification mandates exact case-sensitive matching of field names. This discrepancy allows a malicious MCP peer to craft protocol messages with non-standard casing in field names that the SDK would accept without error. Such acceptance can lead to bypassing intermediary inspection mechanisms that expect strict adherence to the specification, and can cause inconsistencies in how different implementations interpret messages. This undermines protocol integrity and could facilitate attacks such as message spoofing or manipulation. The vulnerability was addressed by replacing the standard unmarshaler with a custom case-sensitive decoder in commit 7b8d81c, released in version 1.3.1 of the SDK. The CVSS 4.0 score is 7 (high severity), reflecting network attack vector, low complexity, no privileges or user interaction required, but with high scope impact. No known exploits have been reported in the wild to date.

This vulnerability can have significant impacts on organizations using the affected modelcontextprotocol Go SDK versions in their systems. By accepting JSON-RPC messages with non-standard casing, attackers can bypass protocol enforcement and intermediary inspection tools that rely on exact field name matching. This can lead to unauthorized message injection, manipulation, or spoofing, potentially compromising the integrity and confidentiality of communications between components. Systems relying on strict JSON-RPC compliance for security or operational correctness may experience inconsistent behavior or security policy bypasses. In environments where MCP protocol messages control critical operations or sensitive data exchanges, this flaw could facilitate further exploitation or lateral movement. The network-based attack vector and lack of required privileges or user interaction increase the risk of remote exploitation. Although no known exploits exist yet, the vulnerability's nature and high severity score indicate a strong potential for impactful attacks if weaponized.

Organizations should immediately upgrade the modelcontextprotocol Go SDK to version 1.3.1 or later, which includes the fix replacing the standard JSON unmarshaler with a case-sensitive decoder. Until the upgrade is applied, network-level controls should be implemented to monitor and block MCP protocol messages with unexpected or non-standard JSON field casing. Protocol message validation tools or custom middleware can be deployed to enforce strict case-sensitive JSON-RPC compliance before messages reach vulnerable SDK components. Security teams should audit existing systems for usage of affected SDK versions and prioritize patching in critical environments. Additionally, reviewing and enhancing logging and anomaly detection for MCP protocol traffic can help identify attempts to exploit this vulnerability. Developers should avoid relying on default JSON unmarshaling behavior for protocol parsing where exact field matching is required, and consider adopting strict schema validation techniques.