PT-2026-28576 · Unknown · MCP Ruby SDK

Srikanthramu · Published 2026-03-27 · Updated 2026-03-30

CVE-2026-33946 · CVSS v4.0 8.2 (High)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the vulnerable software and affected versions: MCP Ruby SDK versions prior to 0.9.2

Description: The Ruby SDK for Model Context Protocol servers and clients contains a session hijacking issue in its streamable_http_transport.rb implementation. An attacker who obtains a valid session ID can hijack the victim's Server-Sent Events (SSE) stream and intercept all real-time data sent on it. The issue stems from three missing controls: the session is not bound to a user identity, ownership is not validated when an SSE connection is established, and nothing prevents multiple simultaneous connections to the same session. Specifically, the store_stream_for_session function overwrites any existing stream for a session ID, so an attacker can replace the legitimate user's stream with their own and receive all subsequent data intended for the victim. The Python SDK protects against this by rejecting duplicate SSE connections.

Recommendations: Update versions prior to 0.9.2 to version 0.9.2 or later.
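The following Ruby example is added here and is not code from the MCP Ruby SDK, the fix, or the advisory. It models the session-to-stream registry the description refers to with hypothetical names (FakeStream, VulnerableRegistry, HardenedRegistry, hijack_scenario) and shows the overwrite behaviour next to one hardening that supplies the three missing controls: the session is bound to a principal when it is created, that principal is checked on every SSE attach, and a second concurrent stream for the same session is refused rather than replacing the first (the duplicate-connection rejection the Python SDK is credited with). The check-and-set runs under a mutex so two racing GET requests cannot both pass the "no stream yet" test.

```ruby
require "securerandom"

# Stand-in for an SSE response body: records the events the server writes to it.
class FakeStream
  attr_reader :received
  def initialize
    @received = []
  end

  def write(event)
    @received << event
  end
end

# Vulnerable shape (hypothetical, modelled on the advisory): streams are keyed by
# session ID alone and the store method silently replaces whatever is attached,
# so whoever presents the session ID last receives the session's events.
class VulnerableRegistry
  def initialize
    @streams = {}
  end

  def open_session
    SecureRandom.hex(16).tap { |id| @streams[id] = nil }
  end

  def store_stream_for_session(session_id, stream)
    return :unknown_session unless @streams.key?(session_id)
    @streams[session_id] = stream # last writer wins: this is the hijack point
    :ok
  end

  def send_event(session_id, event)
    stream = @streams[session_id]
    return false unless stream
    stream.write(event)
    true
  end
end

# Hardened shape: the session remembers the principal that created it, attaching a
# stream requires the same principal, and a second concurrent stream is refused
# instead of replacing the first. The check-and-set runs under a mutex so two
# racing GETs cannot both pass the "no stream yet" test.
class HardenedRegistry
  Session = Struct.new(:owner, :stream)
  def initialize
    @sessions = {}
    @lock = Mutex.new
  end

  def open_session(owner)
    @lock.synchronize do
      SecureRandom.hex(16).tap { |id| @sessions[id] = Session.new(owner, nil) }
    end
  end

  def store_stream_for_session(session_id, stream, principal:)
    @lock.synchronize do
      session = @sessions[session_id]
      return :unknown_session unless session
      return :wrong_owner unless session.owner == principal # identity binding
      return :stream_exists if session.stream               # no duplicate SSE
      session.stream = stream
      :ok
    end
  end

  def send_event(session_id, event)
    stream = @lock.synchronize { @sessions[session_id]&.stream }
    return false unless stream
    stream.write(event)
    true
  end
end

# Replays the advisory's scenario against both registries: the victim opens a
# session and attaches an SSE stream, an attacker holding the session ID attaches
# a second stream, then the server emits an event for that session.
def hijack_scenario
  vuln = VulnerableRegistry.new
  sid = vuln.open_session
  victim, attacker = FakeStream.new, FakeStream.new
  vuln.store_stream_for_session(sid, victim)
  vuln_attach = vuln.store_stream_for_session(sid, attacker)
  vuln.send_event(sid, "secret-1")

  hard = HardenedRegistry.new
  sid2 = hard.open_session("user:alice")
  victim2, attacker2 = FakeStream.new, FakeStream.new
  hard.store_stream_for_session(sid2, victim2, principal: "user:alice")
  id_only = hard.store_stream_for_session(sid2, attacker2, principal: "user:mallory")
  id_and_identity = hard.store_stream_for_session(sid2, attacker2, principal: "user:alice")
  hard.send_event(sid2, "secret-2")

  { vulnerable: { attach: vuln_attach, victim_got: victim.received, attacker_got: attacker.received },
    hardened: { wrong_owner: id_only, duplicate: id_and_identity,
                victim_got: victim2.received, attacker_got: attacker2.received } }
end
```

In the vulnerable registry the attacker's attach succeeds and "secret-1" lands only on the attacker's stream; in the hardened one a stolen session ID alone is refused as :wrong_owner, and even a stolen ID presented with the victim's own identity is refused as :stream_exists while the victim still receives "secret-2". The principal value is assumed to come from whatever authenticates the HTTP request (a bearer token or mTLS identity); a real transport must also clear session.stream when the legitimate connection closes, or the victim cannot reconnect after a drop.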

Exploit

Fix

Session Fixation

IDOR

Weakness Enumeration

Related Identifiers

CVE-2026-33946
GHSA-QVQR-5CV7-WH35

Affected Products

MCP Ruby SDK