Threats Tagged 'cwe-350'

CVE-2026-42559 is a high-severity vulnerability in the modelcontextprotocol Rust SDK (rmcp crate) prior to version 1. 4. 0. The Streamable HTTP server transport did not validate the incoming Host header, enabling a DNS rebinding attack. This flaw could allow a malicious website to send authenticated requests to an MCP server running on a victim's loopback or private network interface. The vulnerability is fixed in version 1. 4. 0. No known exploits in the wild have been reported.

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must present a certificate which is trusted by ZKTrustManager which makes the attack vector harder to exploit. Users are recommended to upgrade to version 3.8.6 or 3.9.5, which fixes this issue by introducing a new configuration option to disable reverse DNS lookup in client and quorum protocols.

MediumVulnerabilityUnited StatesGermanyChina+7#cve#cve-2026-24281#cwe-350

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access internal services that should be restricted. Version 9.2.0 contains a patch for the issue.

MediumVulnerabilityUnited StatesUnited KingdomGermany+7#cve#cve-2026-28271#cwe-350

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS (PTR record) spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. Note: This is only exploitable on sites with an invalid API key.

AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. An attacker can gain access to the /messages endpoint served by the Agent API. This allows for the unauthorized exfiltration of sensitive user data, specifically local message history, which can include secret keys, file system contents, and intellectual property the user was working on locally. This issue is fixed in version 0.4.0.

MediumVulnerabilityGermanyFranceUnited Kingdom+4#cve#cve-2025-59956#cwe-350

vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE mode with default ports through the sqlite3 query MCP tool. This issue is fixed in version 1.12.5.

LowVulnerabilityGermanyFranceUnited Kingdom+5#cve#cve-2025-59163#cwe-350