Cyber Resilience

CVE-2026-27896

High

Published: 26 February 2026

Published
26 February 2026
Modified
14 April 2026
KEV Added
Patch
CVSS Score v4 7.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0004 14.5th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-27896 is a high-severity Improper Handling of Case Sensitivity (CWE-178) vulnerability in Lfprojects Mcp Go Sdk. Its CVSS base score is 7.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-27896 is a vulnerability in the Go MCP SDK versions prior to 1.3.1, stemming from the use of Go's standard encoding/json.Unmarshal for parsing JSON-RPC and MCP protocol messages. This library performs case-insensitive matching of JSON keys to struct field tags, meaning a field tagged "json:\"method\"" would accept "Method", "METHOD", or similar variations. This violates the JSON-RPC 2.0 specification, which mandates exact field names, and is associated with CWE-178 (Improper Handling of Case Sensitivity) and CWE-436 (Interpretation Conflict).

A malicious MCP peer can exploit this over the network by sending protocol messages with non-standard field casing, which the SDK silently accepts. Attackers require no privileges or user interaction (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, score 7.5), potentially bypassing intermediary inspection tools expecting strict JSON-RPC compliance and causing cross-implementation inconsistencies.

The vulnerability is fixed in SDK version 1.3.1 by replacing Go's standard JSON unmarshaling with a case-sensitive decoder, as detailed in commit 7b8d81c264074404abdf5aa16e2cf0c2d9c64cc0. Users should update to v1.3.1, with additional guidance in the GitHub security advisory at GHSA-wvj2-96wp-fq3f.

EU & UK References

Vulnerability details

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also…

more

match "Method", "METHOD", etc. This violated the JSON-RPC 2.0 specification, which defines exact field names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. This had the potential for bypassing intermediary inspection and coss-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Vulnerability enables unauthenticated remote exploitation of a network-exposed JSON-RPC/MCP service via crafted case-variant messages, directly mapping to exploitation of public-facing applications; case-insensitivity also facilitates evasion of strict protocol inspectors but does not match additional techniques with sufficient specificity.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-33252Same product: Lfprojects Mcp Go Sdk
CVE-2026-34742Same product: Lfprojects Mcp Go Sdk
CVE-2026-25536Same vendor: Lfprojects
CVE-2026-2652Same vendor: Lfprojects
CVE-2025-15031Same vendor: Lfprojects
CVE-2025-11200Same vendor: Lfprojects
CVE-2025-11201Same vendor: Lfprojects
CVE-2025-67733Same vendor: Lfprojects
CVE-2025-1473Same vendor: Lfprojects
CVE-2026-21864Same vendor: Lfprojects

Affected Assets

lfprojects
mcp go sdk
≤ 1.3.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely identification, reporting, and correction of the flaw in Go MCP SDK versions prior to 1.3.1 by updating to the patched version with case-sensitive JSON decoding.

prevent

Mandates information input validation mechanisms that enforce strict case-sensitive parsing of JSON-RPC field names per the JSON-RPC 2.0 specification, rejecting malicious case-variant messages.

detectrespond

Vulnerability scanning detects deployment of vulnerable Go MCP SDK versions and triggers risk-based remediation to prevent exploitation.

References