CVE-2026-35577: CWE-346: Origin Validation Error in apollographql apollo-mcp-server
Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run on localhost without additional authentication or network-level controls, this could potentially allow a malicious website—visited by a user running the server locally—to use DNS rebinding techniques to bypass same-origin policy restrictions and issue requests to the local MCP server. If successfully exploited, this could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the local user. This issue is limited to HTTP-based transport modes (StreamableHTTP). It does not affect servers using stdio transport. The practical risk is further reduced in deployments that use authentication, network-level access controls, or are not bound to localhost. This vulnerability is fixed in 1.7.0.
AI Analysis
Technical Summary
Apollo MCP Server versions before 1.7.0 fail to validate the Host header on HTTP requests when using StreamableHTTP transport. This allows an attacker who can lure a user to a malicious website to perform DNS rebinding attacks that bypass same-origin policy protections, potentially invoking tools or accessing resources exposed by the local MCP server. The vulnerability is limited to HTTP-based transport and local deployments without additional authentication or network restrictions. It is addressed in version 1.7.0.
Potential Impact
Successful exploitation could allow an attacker to issue unauthorized requests to the local MCP server on behalf of the user, potentially invoking tools or accessing sensitive resources. The impact includes high confidentiality and integrity risks but no availability impact. The risk is mitigated in environments with authentication, network-level controls, or non-localhost bindings.
Mitigation Recommendations
Upgrade apollo-mcp-server to version 1.7.0 or later, where the Host header validation issue is fixed. If upgrading is not immediately possible, ensure that the MCP server is not exposed without authentication or network-level access controls, and avoid running HTTP-based MCP servers bound to localhost without such protections. Patch status is not explicitly stated but the vendor fixed the issue in version 1.7.0.
CVE-2026-35577: CWE-346: Origin Validation Error in apollographql apollo-mcp-server
Description
Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run on localhost without additional authentication or network-level controls, this could potentially allow a malicious website—visited by a user running the server locally—to use DNS rebinding techniques to bypass same-origin policy restrictions and issue requests to the local MCP server. If successfully exploited, this could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the local user. This issue is limited to HTTP-based transport modes (StreamableHTTP). It does not affect servers using stdio transport. The practical risk is further reduced in deployments that use authentication, network-level access controls, or are not bound to localhost. This vulnerability is fixed in 1.7.0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Apollo MCP Server versions before 1.7.0 fail to validate the Host header on HTTP requests when using StreamableHTTP transport. This allows an attacker who can lure a user to a malicious website to perform DNS rebinding attacks that bypass same-origin policy protections, potentially invoking tools or accessing resources exposed by the local MCP server. The vulnerability is limited to HTTP-based transport and local deployments without additional authentication or network restrictions. It is addressed in version 1.7.0.
Potential Impact
Successful exploitation could allow an attacker to issue unauthorized requests to the local MCP server on behalf of the user, potentially invoking tools or accessing sensitive resources. The impact includes high confidentiality and integrity risks but no availability impact. The risk is mitigated in environments with authentication, network-level controls, or non-localhost bindings.
Mitigation Recommendations
Upgrade apollo-mcp-server to version 1.7.0 or later, where the Host header validation issue is fixed. If upgrading is not immediately possible, ensure that the MCP server is not exposed without authentication or network-level access controls, and avoid running HTTP-based MCP servers bound to localhost without such protections. Patch status is not explicitly stated but the vendor fixed the issue in version 1.7.0.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-03T20:09:02.827Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d806d21cc7ad14da15a568
Added to database: 4/9/2026, 8:06:42 PM
Last enriched: 4/9/2026, 8:21:29 PM
Last updated: 4/10/2026, 7:33:02 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.