CVE-2026-34742
Published: 02 April 2026
Summary
CVE-2026-34742 is a high-severity Initialization of a Resource with an Insecure Default (CWE-1188) vulnerability in Lfprojects Mcp Go Sdk. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious Link (T1204.001); ranked at the 23.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the CVE by requiring timely flaw remediation through patching the Go MCP SDK to version 1.4.0, which enables DNS rebinding protection by default.
Ensures baseline configuration settings for HTTP-based MCP servers using StreamableHTTPHandler or SSEHandler include DNS rebinding protection to block unauthorized requests.
Provides protections for publicly accessible HTTP servers on localhost without authentication, mitigating bypass of same-origin policy via DNS rebinding attacks.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is exploited by luring a user to visit a malicious website that performs DNS rebinding to bypass SOP and access the local MCP server, directly enabling T1204.001 Malicious Link.
NVD Description
The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without…
more
authentication with StreamableHTTPHandler or SSEHandler, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. This issue has been patched in version 1.4.0.
Deeper analysisAI
CVE-2026-34742 affects the Model Context Protocol (MCP) Go SDK in versions prior to 1.4.0. The vulnerability arises because the SDK does not enable DNS rebinding protection by default for HTTP-based servers, specifically when using StreamableHTTPHandler or SSEHandler on localhost without authentication. This flaw, tied to CWE-1188, allows potential bypass of browser same-origin policy restrictions and has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).
A remote attacker can exploit this issue by luring a user to visit a malicious website. The site leverages DNS rebinding to send requests to the victim's local MCP server, bypassing same-origin policy protections. Successful exploitation enables the attacker to invoke tools or access resources exposed by the MCP server on the user's behalf, resulting in high confidentiality and integrity impacts under the specified conditions.
The issue has been patched in MCP Go SDK version 1.4.0. Mitigation involves upgrading to this version or later. Relevant details are provided in the project's GitHub security advisory (GHSA-xw59-hvm2-8pj6), the patching commit (67bd3f2e2b53ce11a16db8d976cdb8ff1e986b6d), pull request #760, and release notes for v1.4.0.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp, model context protocol, mcp, mcp, mcp, mcp