CVE-2026-34742: CWE-1188: Insecure Default Initialization of Resource in modelcontextprotocol go-sdk
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or SSEHandler, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. This issue has been patched in version 1.4.0.
AI Analysis
Technical Summary
The MCP Go SDK before version 1.4.0 uses Go's standard encoding/json but does not enable DNS rebinding protection by default for HTTP-based servers. When an MCP server runs on localhost without authentication and uses StreamableHTTPHandler or SSEHandler, a malicious website can exploit DNS rebinding to bypass same-origin policy restrictions. This vulnerability allows attackers to send unauthorized requests to the local MCP server, potentially invoking tools or accessing exposed resources. The vulnerability is tracked as CWE-1188 (Insecure Default Initialization of Resource) and has a CVSS 4.0 score of 7.6 (high severity). The issue was fixed in MCP Go SDK version 1.4.0.
Potential Impact
An attacker controlling a malicious website can exploit DNS rebinding to bypass same-origin policy restrictions and send requests to a local MCP server running without authentication. This can lead to unauthorized invocation of tools or access to resources exposed by the MCP server on behalf of the user. The impact is limited to scenarios where the MCP server is run locally without authentication and uses specific handlers (StreamableHTTPHandler or SSEHandler).
Mitigation Recommendations
Upgrade the MCP Go SDK to version 1.4.0 or later, where DNS rebinding protection is enabled by default for HTTP-based servers. This patch addresses the vulnerability directly. No additional mitigation is required if the SDK is updated. If upgrading is not immediately possible, ensure that the MCP server is not run without authentication or avoid using the vulnerable handlers in untrusted environments. Patch status is confirmed fixed in version 1.4.0.
CVE-2026-34742: CWE-1188: Insecure Default Initialization of Resource in modelcontextprotocol go-sdk
Description
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with StreamableHTTPHandler or SSEHandler, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. This issue has been patched in version 1.4.0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The MCP Go SDK before version 1.4.0 uses Go's standard encoding/json but does not enable DNS rebinding protection by default for HTTP-based servers. When an MCP server runs on localhost without authentication and uses StreamableHTTPHandler or SSEHandler, a malicious website can exploit DNS rebinding to bypass same-origin policy restrictions. This vulnerability allows attackers to send unauthorized requests to the local MCP server, potentially invoking tools or accessing exposed resources. The vulnerability is tracked as CWE-1188 (Insecure Default Initialization of Resource) and has a CVSS 4.0 score of 7.6 (high severity). The issue was fixed in MCP Go SDK version 1.4.0.
Potential Impact
An attacker controlling a malicious website can exploit DNS rebinding to bypass same-origin policy restrictions and send requests to a local MCP server running without authentication. This can lead to unauthorized invocation of tools or access to resources exposed by the MCP server on behalf of the user. The impact is limited to scenarios where the MCP server is run locally without authentication and uses specific handlers (StreamableHTTPHandler or SSEHandler).
Mitigation Recommendations
Upgrade the MCP Go SDK to version 1.4.0 or later, where DNS rebinding protection is enabled by default for HTTP-based servers. This patch addresses the vulnerability directly. No additional mitigation is required if the SDK is updated. If upgrading is not immediately possible, ensure that the MCP server is not run without authentication or avoid using the vulnerable handlers in untrusted environments. Patch status is confirmed fixed in version 1.4.0.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-30T19:17:10.224Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69cec35ae6bfc5ba1dfb4cd2
Added to database: 4/2/2026, 7:28:26 PM
Last enriched: 4/9/2026, 10:45:51 PM
Last updated: 5/20/2026, 8:51:35 PM
Views: 128
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.