CVE-2025-66414

Name of the Vulnerable Software and Affected Versions MCP TypeScript SDK versions prior to 1.24.0

Description The Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. If an HTTP-based MCP server is running on localhost without authentication, using StreamableHTTPServerTransport or SSEServerTransport, and DNS rebinding protection is not enabled, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions. This could allow an attacker to send requests to the local MCP server and potentially invoke tools or access resources exposed by the server on behalf of the user. This issue does not affect servers using stdio transport. Running HTTP-based MCP servers locally without authentication is not recommended.

Recommendations Update to version 1.24.0 or later.