The vulnerability identified as CVE-2026-34742 affects the Model Context Protocol (MCP) Go SDK prior to version 1.4.0. The root cause is the insecure default initialization of the DNS rebinding protection mechanism in HTTP-based MCP servers. Specifically, the SDK uses Go's standard encoding/json package and does not enable DNS rebinding protection by default when the server is run on localhost without authentication, particularly with StreamableHTTPHandler or SSEHandler. DNS rebinding attacks exploit the ability to manipulate DNS responses to bypass the browser's same-origin policy, allowing a malicious website to send unauthorized HTTP requests to the local MCP server. This can lead to unauthorized invocation of tools or access to sensitive resources exposed by the MCP server, effectively allowing attackers to act on behalf of the user under limited conditions. The vulnerability is classified under CWE-1188, which concerns insecure default initialization of resources. The issue was publicly disclosed on April 2, 2026, and has been addressed in MCP Go SDK version 1.4.0 by enabling DNS rebinding protection by default. The CVSS v4.0 base score is 7.6 (high severity), reflecting network attack vector, low complexity, partial attack complexity, no privileges required, user interaction required, and high impact on confidentiality and integrity. No known exploits have been reported in the wild as of now.

Organizations using the MCP Go SDK versions prior to 1.4.0 and running HTTP-based MCP servers locally without authentication are at risk of DNS rebinding attacks. Such attacks can bypass browser same-origin policies, allowing malicious websites to send unauthorized requests to local MCP servers. This can lead to unauthorized execution of commands, access to sensitive data, or manipulation of local resources exposed by the MCP server. The impact is particularly significant in development, testing, or internal environments where authentication is not enforced. If exploited, attackers could leverage this to compromise local systems, escalate privileges, or pivot within internal networks. The vulnerability affects confidentiality and integrity severely, while availability impact is minimal. Given the network attack vector and ease of exploitation with user interaction, the threat poses a substantial risk to organizations relying on vulnerable MCP SDK versions, especially those exposing MCP servers on localhost without proper security controls.

To mitigate this vulnerability, organizations should upgrade the MCP Go SDK to version 1.4.0 or later, where DNS rebinding protection is enabled by default. For environments where immediate upgrade is not feasible, administrators should manually enable DNS rebinding protection mechanisms if supported by the SDK or implement network-level controls such as firewall rules to restrict access to the MCP server on localhost. Additionally, avoid running MCP HTTP servers without authentication, especially when using StreamableHTTPHandler or SSEHandler. Employ strict Content Security Policies (CSP) and browser security settings to limit the ability of malicious websites to perform DNS rebinding attacks. Monitoring and logging access to MCP servers can help detect suspicious activities. Finally, educate developers and system administrators about the risks of DNS rebinding and the importance of secure default configurations.